From 8edb9bfc581e9117900d4cb785347bbb667c841b Mon Sep 17 00:00:00 2001
From: Philip Harrison <philip@mailharrison.com>
Date: Wed, 15 Feb 2023 17:31:36 +0000
Subject: [PATCH 1/3] Update to use latest npm CLI release

The new version has provenance support built in.

https://github.com/npm/cli/pull/6163
---
 .github/workflows/publish.yml | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index a7e8b7c..20bebdd 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,29 +18,12 @@ jobs:
           node-version: 18
           registry-url: https://registry.npmjs.org/
           cache: npm
+      - run: npm install -g npm@latest
       - run: npm ci
       - run: npm test
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
-
-      # Provenance beta builds
-      # Remove when stable
-      - name: Clone npm
-        uses: actions/checkout@v3
-        with:
-          repository: npm/cli
-          ref: provenance
-          path: npm
-      - name: Link npm
-        run: |
-          cd npm
-          node . link
-          cd ..
-          npm version
-      # Provenance beta builds
-      # Remove when stable
-
       - run: npm whoami; npm --ignore-scripts publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}

From 7ce92dbf76dfd43386021a99dbc43d92ccfd6cd1 Mon Sep 17 00:00:00 2001
From: Philip Harrison <philip@mailharrison.com>
Date: Tue, 28 Feb 2023 08:35:28 +0000
Subject: [PATCH 2/3] Install latest node for publish only

---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 20bebdd..02b0db2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -18,12 +18,12 @@ jobs:
           node-version: 18
           registry-url: https://registry.npmjs.org/
           cache: npm
-      - run: npm install -g npm@latest
       - run: npm ci
       - run: npm test
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
+      - run: npm install -g npm
       - run: npm whoami; npm --ignore-scripts publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{secrets.npm_token}}

From 9379a386a579e9d877e148c135e00c6ba66d79e5 Mon Sep 17 00:00:00 2001
From: Philip Harrison <philip@mailharrison.com>
Date: Tue, 28 Feb 2023 08:36:27 +0000
Subject: [PATCH 3/3] Add comment

---
 .github/workflows/publish.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 02b0db2..df8ce77 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -23,6 +23,7 @@ jobs:
       - run: npm version ${TAG_NAME} --git-tag-version=false
         env:
           TAG_NAME: ${{ github.event.release.tag_name }}
+      # Install latest version of npm for publishing with provenance
       - run: npm install -g npm
       - run: npm whoami; npm --ignore-scripts publish --provenance --access public
         env: