From c457cc8df530aa93213e6aaaa39d2db36ded0ad2 Mon Sep 17 00:00:00 2001
From: Yongmin Hong
Date: Wed, 19 Jun 2024 16:17:48 +0900
Subject: [PATCH 1/2] actions/publishing(nodejs): `id-token: write` for `npm publish` with `--provenance` NPM refuses to publish with `--provenance` unless `id-token: write` permission is supplied. ``` npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access npm error code EUSAGE npm error Provenance generation in GitHub Actions requires "write" access to the "id-token" permission ``` See also: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
Signed-off-by: Yongmin Hong
---
 .../actions/publishing-packages/publishing-nodejs-packages.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/content/actions/publishing-packages/publishing-nodejs-packages.md b/content/actions/publishing-packages/publishing-nodejs-packages.md
index 9b260b241791..d15ac0d4774f 100644
--- a/content/actions/publishing-packages/publishing-nodejs-packages.md
+++ b/content/actions/publishing-packages/publishing-nodejs-packages.md
@@ -69,6 +69,10 @@ on:
 jobs:
 build:
 runs-on: ubuntu-latest
+ {% ifversion artifact-attestations %}
+ permissions:
+ contents: read
+ id-token: write{% endif %}
 steps:
 - uses: {% data reusables.actions.action-checkout %}
 # Setup .npmrc file to publish to npm
From 6012a6c9ed6043d2239380af054cee68786568a2 Mon Sep 17 00:00:00 2001
From: Yongmin Hong
Date: Wed, 19 Jun 2024 16:35:22 +0900
Subject: [PATCH 2/2] fix: empty line [screenshot](https://github.com/github/docs/assets/7630875/55a8f9a7-0d2e-4fff-a181-b90cc239ac16) Most likely generated because `{% ifversion artifact-attestations %}` is in their own lines, so put that just before the `permissions:` to remove that extraneous line.
Signed-off-by: Yongmin Hong
---
 .../actions/publishing-packages/publishing-nodejs-packages.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
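Review bot: In the first patch's hunk (`@@ -69,6 +69,10 @@`), the added `permissions:` block carries no comment saying why `id-token: write` is needed, so a reader copying the sample may drop it or widen it to a workflow-level grant. I would add a YAML comment above that line, such as `# id-token: write is required for npm publish --provenance`. The block is also wrapped in `{% ifversion artifact-attestations %}`, while the `npm publish` step lies outside the hunk; if the `--provenance` flag there is not under the same condition, versions where the condition is false would render a workflow that still fails with the EUSAGE error quoted in the commit message. Keeping the grant on the `build` job with `contents: read` beside it, rather than at workflow level, is the right scope.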
diff --git a/content/actions/publishing-packages/publishing-nodejs-packages.md b/content/actions/publishing-packages/publishing-nodejs-packages.md
index d15ac0d4774f..e288ee582ee6 100644
--- a/content/actions/publishing-packages/publishing-nodejs-packages.md
+++ b/content/actions/publishing-packages/publishing-nodejs-packages.md
@@ -69,8 +69,7 @@ on:
 jobs:
 build:
 runs-on: ubuntu-latest
- {% ifversion artifact-attestations %}
- permissions:
+ {% ifversion artifact-attestations %}permissions:
 contents: read
 id-token: write{% endif %}
 steps: