From 1b9a7637a2913e3db247e99fd2b6cef22a5e30d8 Mon Sep 17 00:00:00 2001
From: Haoqun Jiang <haoqunjiang@gmail.com>
Date: Sun, 10 Nov 2024 23:43:52 +0800
Subject: [PATCH] workflow: add release automation with provenance

---
 .github/MAINTENANCE.md        | 10 ++++++++++
 .github/workflows/publish.yml | 24 ++++++++++++++++++++++++
 package.json                  |  3 ++-
 3 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 .github/MAINTENANCE.md
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/MAINTENANCE.md b/.github/MAINTENANCE.md
new file mode 100644
index 0000000..6c0c2c0
--- /dev/null
+++ b/.github/MAINTENANCE.md
@@ -0,0 +1,10 @@
+This document explains how to perform the project's maintenance tasks.
+
+### Creating a new release
+
+Anyone with write access to the repository can request a new release. To do so, follow these steps:
+
+1. Run `npm version <patch|minor|major>` locally to bump the version number and create a new commit / tag.
+2. Push the commit and tag to the repository by running `git push --follow-tags`.
+3. The release will be automatically published to npm by GitHub Actions once approved by an administrator.
+4. Go to <https://github.com/vuejs/tsconfig/releases/new> and create a new release with the tag that was just created. Describe the notable changes in the release notes.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..a7b7170
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,24 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+jobs:
+  release:
+    # Use Publish environment for deployment protection
+    environment: Publish
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
index 77bc230..e9dc642 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,8 @@
   },
   "homepage": "https://github.com/vuejs/tsconfig#readme",
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "peerDependencies": {
     "typescript": "5.x",