From e329bcd54a5daa4eafb8a9e95117eb2bc07cad1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Vanvelthem?=
Date: Sat, 6 Jan 2024 16:19:03 +0100
Subject: [PATCH] Add npm provenance to secure releases (#877)
* feat: add npm provenance to releases
* feat: add npm provenance to releases
---
 .changeset/eleven-cherries-raise.md | 9 +++++++++
 .github/workflows/release-or-version-pr.yml | 1 +
 2 files changed, 10 insertions(+)
 create mode 100644 .changeset/eleven-cherries-raise.md
diff --git a/.changeset/eleven-cherries-raise.md b/.changeset/eleven-cherries-raise.md
new file mode 100644
index 000000000..8d3492ce8
--- /dev/null
+++ b/.changeset/eleven-cherries-raise.md
@@ -0,0 +1,9 @@
+---
+"prisma-exception": patch
+"@httpx/assert": patch
+"@httpx/dsn-parser": patch
+"@httpx/exception": patch
+"@httpx/json-api": patch
+---
+
+Add npm provenance to releases
diff --git a/.github/workflows/release-or-version-pr.yml b/.github/workflows/release-or-version-pr.yml
index fac311b1e..528ba201d 100644
--- a/.github/workflows/release-or-version-pr.yml
+++ b/.github/workflows/release-or-version-pr.yml
@@ -53,4 +53,5 @@ jobs:
 # trigger the regular CI workflow. This limitation can be circumvented by
 # setting a custom PAT token from a GH account and setting it the secrets.
 GITHUB_TOKEN: ${{ secrets.BELGATTITUDE_HTTPX_TOKEN }}
+ NPM_CONFIG_PROVENANCE: true
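Review bot: The added `NPM_CONFIG_PROVENANCE: true` in the release step's `env:` only takes effect if the job can mint a GitHub OIDC token, and nothing in this hunk grants that. The job's `permissions:` block is outside the visible lines, so confirm it contains `id-token: write`; the custom PAT passed as `GITHUB_TOKEN` does not substitute for it. Without that permission the publish step is likely to fail when npm tries to generate the attestation, and the runner's npm must be recent enough to support provenance (9.5.0 or later). A one-line comment above the variable would record the dependency for the next maintainer, e.g. `# Publish with signed provenance; requires permissions.id-token: write on this job`.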