Actions/Node Updates (#558)

* Use node 22 in devcontainer * Use node 22 in actions * Publish with provenance
2024-10-14 11:55:11 -04:00 · 2024-10-14 11:55:11 -04:00 · abbe946583
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -7,7 +7,7 @@
    // Update 'VARIANT' to pick a Node version: 16, 14, 12.
    // Append -bullseye or -buster to pin to an OS version.
    // Use -bullseye variants on local arm64/Apple Silicon.
-    "args": {"VARIANT": "16"}
+    "args": {"VARIANT": "22"}
  },

  // Set *default* container specific settings.json values on container create.
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@ -12,7 +12,7 @@ jobs:

    strategy:
      matrix:
-        node-version: [18, 20]
+        node-version: [20, 22]

    steps:
      - uses: actions/checkout@v4
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -4,6 +4,10 @@ on:
  release:
    types: [created]

+permissions:
+  contents: read
+  id-token: write
+
 jobs:
  publish-npm:
    runs-on: ubuntu-latest
@ -11,7 +15,7 @@ jobs:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
-          node-version: 18
+          node-version: 22
          registry-url: https://registry.npmjs.org/
          cache: npm
      - run: npm ci
@ -19,6 +23,6 @@ jobs:
      - run: npm version ${TAG_NAME} --git-tag-version=false
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
-      - run: npm whoami; npm --ignore-scripts publish
+      - run: npm whoami; npm --ignore-scripts publish --provenance
        env:
          NODE_AUTH_TOKEN: ${{secrets.npm_token}}