diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 66b38164..a0a76205 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -85,6 +85,7 @@ jobs:
needs: release
runs-on: ubuntu-latest
permissions:
+ id-token: write
contents: read
if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha
steps:
@@ -103,5 +104,6 @@ jobs:
env:
NPM_DIST_TAG: latest
NPM_REGISTRY: registry.npmjs.org
+ NPM_CONFIG_PROVENANCE: true
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npx -p publib@latest publib-npm
diff --git a/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml b/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml
index 1f2fc670..78e33fe8 100644
--- a/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml
+++ b/.github/workflows/upgrade-cdklabs-projen-project-types-main.yml
@@ -59,7 +59,7 @@ jobs:
git config user.email "github-actions@github.com"
- name: Create Pull Request
id: create-pr
- uses: peter-evans/create-pull-request@v4
+ uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
diff --git a/.github/workflows/upgrade-dev-deps-main.yml b/.github/workflows/upgrade-dev-deps-main.yml
index 435c61f8..d42f73b5 100644
--- a/.github/workflows/upgrade-dev-deps-main.yml
+++ b/.github/workflows/upgrade-dev-deps-main.yml
@@ -63,7 +63,7 @@ jobs:
git config user.email "github-actions@github.com"
- name: Create Pull Request
id: create-pr
- uses: peter-evans/create-pull-request@v4
+ uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
index 86a99ce7..cd803a74 100644
--- a/.github/workflows/upgrade-main.yml
+++ b/.github/workflows/upgrade-main.yml
@@ -63,7 +63,7 @@ jobs:
git config user.email "github-actions@github.com"
- name: Create Pull Request
id: create-pr
- uses: peter-evans/create-pull-request@v4
+ uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
commit-message: |-
diff --git a/package.json b/package.json
index 83f20a2e..6aaf5ebb 100644
--- a/package.json
+++ b/package.json
@@ -67,7 +67,7 @@
"eslint-plugin-import": "^2.29.1",
"jest": "^27.5.1",
"jest-junit": "^15",
- "projen": "^0.79.22",
+ "projen": "^0.79.24",
"standard-version": "^9",
"ts-jest": "^27.1.5",
"ts-node": "^10.9.2",
diff --git a/yarn.lock b/yarn.lock
index 13e42a5f..a161ca35 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -4949,10 +4949,10 @@ process-nextick-args@~2.0.0:
resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-2.0.1.tgz#7820d9b16120cc55ca9ae7792680ae7dba6d7fe2"
integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==
-projen@^0.79.22:
- version "0.79.22"
- resolved "https://registry.yarnpkg.com/projen/-/projen-0.79.22.tgz#14225ccf9bbaeb14ca018cff6120aaa7b5ddbbe4"
- integrity sha512-95m5kBcdTaGr1JR6i/6z5XpHjXhaKwfKANXDN0y3/SsTLSPtXDCz0o8HCrKnAMjpSrR86ZGBbENm5gxhvq2B2Q==
+projen@^0.79.24:
+ version "0.79.24"
+ resolved "https://registry.yarnpkg.com/projen/-/projen-0.79.24.tgz#c540d7e5af1d8f35ab5e42a9d8508166b4b916de"
+ integrity sha512-feRBel2kl/dRsXTUFwYDnhZjQ7ZEdTAgxsAXIgJX4tEZllw4VzsbFX6P6/qxIUg+swPxYcJOU48bPA2IpuJWuQ==
dependencies:
"@iarna/toml" "^2.2.5"
case "^1.6.3"