[PR #47] [MERGED] fix: replace npm install with npm ci and add provenance flag to npm publish #73

Closed
opened 2026-05-06 16:07:25 +02:00 by BreizhHardware · 0 comments

📋 Pull Request Information

Original PR: https://github.com/BreizhHardware/express-prom-bundle/pull/47
Author: @BreizhHardware
Created: 2/18/2026
Status: Merged
Merged: 2/18/2026
Merged by: @BreizhHardware

Base: main ← Head: dev


📝 Commits (1)

  • 821dfb2 fix: replace npm install with npm ci and add provenance flag to npm publish

📊 Changes

1 file changed (+2 additions, -2 deletions)

📝 .github/workflows/release.yml (+2 -2)

📄 Description

This pull request updates the npm publish workflow to improve reliability and security during releases. The most important changes are:

Workflow improvements:

  • Replaced npm install with npm ci to ensure a clean and reproducible install of dependencies in the release workflow (.github/workflows/release.yml).
  • Added the --provenance flag to npm publish to provide verifiable build provenance for published packages, enhancing supply chain security (.github/workflows/release.yml).

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
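
An added example, not code from this PR or the project: a small lint for the two points the description names, which also checks that a job publishing with `--provenance` requests `id-token: write`, the permission GitHub Actions needs to issue the OIDC token npm uses to sign provenance. The workflow snippets and the helper name `lintReleaseWorkflow` are constructed for illustration and are not the project's `release.yml`.

```javascript
// Constructed sample workflows (not the project's release.yml).
const BEFORE = [
  'jobs:',
  '  publish:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '      - run: npm install',
  '      - run: npm publish',
].join('\n');

const AFTER = [
  'jobs:',
  '  publish:',
  '    runs-on: ubuntu-latest',
  '    permissions:',
  '      contents: read',
  '      id-token: write   # lets npm obtain the OIDC token used to sign provenance',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '      - run: npm ci',
  '      - run: npm publish --provenance',
].join('\n');

// Hypothetical helper: returns a list of { line, rule } findings for a workflow file's text.
function lintReleaseWorkflow(text) {
  // Drop trailing YAML comments so they cannot satisfy or trigger a rule.
  const lines = text.split('\n').map((l) => l.replace(/\s+#.*$/, '').trimEnd());
  const findings = [];
  let wantsProvenance = false;
  lines.forEach((l, i) => {
    // Bare "npm install" may rewrite the lockfile; "npm ci" installs exactly what it pins
    // and fails if package.json and the lockfile disagree.
    if (/\bnpm\s+(install|i)$/.test(l)) findings.push({ line: i + 1, rule: 'use-npm-ci' });
    if (/\bnpm\s+publish\b/.test(l)) {
      if (/--provenance\b/.test(l)) wantsProvenance = true;
      else findings.push({ line: i + 1, rule: 'publish-without-provenance' });
    }
  });
  // Provenance signing on GitHub Actions needs the job to request an OIDC token.
  if (wantsProvenance && !lines.some((l) => /^\s*id-token:\s*write$/.test(l))) {
    findings.push({ line: 0, rule: 'missing-id-token-write' });
  }
  return findings;
}

console.log(lintReleaseWorkflow(BEFORE));
console.log(lintReleaseWorkflow(AFTER));
```

The check only looks at the `--provenance` flag on the `npm publish` line; provenance enabled through other npm configuration is outside what it inspects.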
