fix(release): add npm OIDC provenance support

ikenxuan · ikenxuan · commit fa6e62b35c52 · 2026-03-15T22:13:33.000+08:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,7 @@ on:
 # 赋予 release-please-action 权限
 permissions:
   contents: write
+  id-token: write
   pull-requests: write
 jobs:
   # 设置 release-please 任务
@@ -36,11 +37,14 @@ jobs:
       # 复制插件列表到 package.json
       - run: npm run cp
         if: ${{ steps.release.outputs.release_created }}
+      # 更新 npm 到最新版本以支持 OIDC
+      - run: npm install -g npm@latest
+        if: ${{ steps.release.outputs.release_created }}
       # 发布到 npm
-      - run: npm run pub
+      - run: npm run pub --provenance
         if: ${{ steps.release.outputs.release_created }}
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
       # 同步npm包
       - run: npm run sync
-        if: ${{ steps.release.outputs.release_created }}
+        if: ${{ steps.release.outputs.release_created }}
