#Publishing to NPM with Provenance

The support for publishing with provenance was released in Yarn v4.9.0, which isn't being used in Sapphire projects as of yet. Therefore, I have made it a draft PR until Renovate updates them on Sunday.

https://github.com/sapphiredev/.github/pull/83

bless Yarn adding this finally

left 1 comment on it

i don't really do much shell scripting but would something like this be sufficient?

if [ $(node -p "require('semver').gte('$(yarn --version)', '4.9.0')") = true ]; then
  yarn publish --provenance
else
  yarn publish
fi

tests:

# Sapphire's .github repo
sapphire.github on  main via  v22.14.0 on ☁️  (auto)
❯ echo "current yarn version = $(yarn --version)"; if [ $(node -p "require('semver').gte('$(yarn --version)', '4.9.0')") = true ]; then echo "eligable"; else echo "not eligable"; fi
current yarn version = 4.8.1
not eligable

# my plugins repo that i've updated to v4.9.0
sapphire-plugins on  main via  v22.14.0 on ☁️  (auto)
❯ echo "current yarn version = $(yarn --version)"; if [ $(node -p "require('semver').gte('$(yarn --version)', '4.9.0')") = true ]; then echo "eligable"; else echo "not eligable"; fi
current yarn version = 4.9.0
eligable

i suppose i could make it into a tenary instead?

# condition placed in both workflows (publish and continuous delivery)
FLAG=$([ $(node -p "require('semver').gte('$(yarn --version)', '4.9.0')") = true ] && echo '--provenance' || echo '')

# publish workflow
yarn npm publish ${FLAG}

# continuous delivery workflow
yarn npm publish --tag ${TAG} ${FLAG}

thoughts? @rustic wasp

sure that looks good. I was actually thinking even much simpler and not using node's semver but doing so is actually really smart.

i have pushed that change and made the pr ready for review