Publish with provenance

.github/workflows/release.yml

@@ -9,6 +9,8 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
   release:
+    permissions:
+      id-token: write
     name: Release
     runs-on: ubuntu-latest
     steps:
@@ -31,8 +33,8 @@ jobs:
         id: changesets
         uses: changesets/action@v1
         with:
-          # This expects you to have a script called release which does a build for your packages and calls changeset publish
-          publish: yarn release
+          publish: yarn build && yarn publish:all
         env:
+          NPM_CONFIG_PROVENANCE: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package.json

@@ -27,7 +27,6 @@
     "version:prepare": "yarn changeset version",
     "version:check": "yarn changeset status",
     "publish:all": "yarn changeset publish",
-    "release": "yarn build && yarn version:check && yarn publish:all",
     "postinstall": "husky install"
   },
   "workspaces": [