ci: include provenance statement with release

Signed-off-by: Akshat Patel <akshat@live.ca>

Author: Akshat55

.github/workflows/publish.yml

@@ -8,12 +8,20 @@ on:
   # Allows us to run this workflow manually from the Actions tab
   workflow_dispatch:
 
+permissions:
+  contents: read # for checkout
+
 jobs:
   # Single deploy job since we're just deploying
   publish:
     environment:
       name: Deploy
     runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on pull requests
+      id-token: write # to enable use of ODIC for npm provenance
     steps:
       # Checkout to branch
       - name: Checkout

package.json

@@ -57,6 +57,9 @@
     "type": "git",
     "url": "git@github.com:carbon-design-system/carbon-components-angular.git"
   },
+  "publishConfig": {
+    "provenance": true
+  },
   "license": "Apache-2.0",
   "author": "IBM",
   "peerDependencies": {