feat(action): 添加禁用 npm 发布的出处证明功能

- 在 action.yml 中添加 disableProvenance 输入选项
- 在 src/index.ts 中处理 disableProvenance 输入
- 在 src/publish-package.ts 中根据 disableProvenance 决定是否启用出处证明
- 更新 src/types.ts 中的 PublishOptions 和 InternalPublishOptions 类型

action.yml

@@ -20,6 +20,9 @@ inputs:
   includePrivate:
     description: publish private packages as well.
     required: false
+  disableProvenance:
+    description: Disable provenance for npm publish.
+    required: false
 
 # https://actions-cool.github.io/github-action-branding/
 branding:

src/index.ts

@@ -9,16 +9,18 @@ async function main() {
     const inputs: PublishOptions = {
         token,
         tag: core.getInput('tag'),
-        dryRun: core.getInput('dry-run') === 'true',
+        dryRun: core.getInput('dryRun') === 'true',
         target: core.getInput('target') as PublishOptions['target'],
-        includePrivate: core.getInput('include-private') === 'true',
+        includePrivate: core.getInput('includePrivate') === 'true',
+        disableProvenance: core.getInput('disableProvenance') === 'true',
     };
     const defaults: InternalPublishOptions = {
         dryRun: false,
         target: 'npm',
         includePrivate: false,
         tag: 'latest',
         token: '',
+        disableProvenance: false,
     };
     const options = {} as InternalPublishOptions;
 

src/publish-package.ts

@@ -46,7 +46,7 @@ export function publishPackage(pkgPath: string, options: InternalPublishOptions)
         //
         'npm',
         'publish',
-        options.target === 'npm' && '--provenance',
+        options.target === 'npm' && !options.disableProvenance && '--provenance',
         `--tag=${options.tag}`,
         options.dryRun && '--dry-run',
         core.isDebug() && '--verbose',

src/types.ts

@@ -6,6 +6,7 @@ export type PublishOptions = {
     tag?: string;
     dryRun?: boolean;
     includePrivate?: boolean;
+    disableProvenance?: boolean;
 };
 
 export type InternalPublishOptions = Required<PublishOptions>;