**What it does:**

- Installs dependencies

- Runs tests to ensure quality

- Publishes the package to npm

- Publishes the package to npm with provenance using OIDC authentication

**Features:**

- Uses OpenID Connect (OIDC) for secure authentication

- Publishes with`--provenance` flag for supply chain security

- Automatically makes the package public with`--access public`

- Run tests

- Publish to npm if tests pass

For the publish workflow to work, youneed toadd an`NPM_TOKEN` secret to your GitHub repository:

The workflow uses OIDC (OpenID Connect) authentication with provenance for enhanced security. You stillneed toconfigure an`NPM_TOKEN` secret:

1. Generate an npm token:

1. Generate an npmAutomationtoken:

- Log in tohttps://www.npmjs.com

- Go to Account Settings → Access Tokens

- Generate a new "Automation" token

- Click "Generate New Token" → Choose "Automation"

- Copy the generated token

2. Add the token to GitHub:

- Go to repository Settings → Secrets and variables → Actions

- Click "New repository secret"

- Name:`NPM_TOKEN`

- Value: Your npm token

- Value: Your npmautomationtoken

- Click "Add secret"

The workflow includes the required permissions:

permissions:

id-token:write# Required for OIDC authentication

contents:read

npm publish

To publish with provenance locally (requires npm 9.5.0+):

npm publish --provenance --access public

**Note:** Provenance generation may not work from all environments. GitHub Actions is the recommended way to publish with provenance.

publish:

runs-on:ubuntu-latest

permissions:

id-token:write# Required for OIDC authentication

contents:read

steps:

-name:Checkout code

uses:actions/checkout@v4

-name:Run tests

run:npm test

-name:Publish to npm

run:npm publish

-name:Publish to npm with provenance

run:npm publish --provenance --access public

env:

NODE_AUTH_TOKEN:${{ secrets.NPM_TOKEN }}

The package is automatically published to npm when a new GitHub release is created:

The package is automatically published to npmwith provenancewhen a new GitHub release is created:

1. Update the version:

3. Create a GitHub release athttps://github.com/ServiceStack/create-net/releases/new

- The GitHub Action will automatically run tests and publish to npm

- The GitHub Action will automatically run tests and publish to npm with provenance

**Security Features:**

- Uses OIDC authentication for secure publishing

- Generates provenance attestations for supply chain security

- Published with`--access public` flag

To publish manually:

npm login

npm publish

npm publish --access public

**Note:** You need to configure the`NPM_TOKEN` secret in GitHub repository settings for automated publishing. See[`.github/workflows/README.md`](.github/workflows/README.md) for details.