From 7fe0e65d818398a77d26c5b9d3de8d1b2207c35e Mon Sep 17 00:00:00 2001 From: immutable-art <138187673+immutable-art@users.noreply.github.com> Date: Thu, 17 Oct 2024 11:59:57 +1100 Subject: [PATCH] ITSEC-2280 Add the remaining artifacts for SBOM signing (#250) * ITSEC-2280 Add Dependency Review job; Add SBOM signing. * ITSEC-2280 Update CODEOWNERS to include Product Security on .github * ITSEC-2280: Fix the dependency review action Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com> * ITSEC-2280 Update permissions for GH attestations Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com> * ITSEC-2280: Add 'contracts' for artifact signing Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com> * ITSEC-2280: Add the remaining meta files for attestation Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com> --------- Signed-off-by: immutable-art <138187673+immutable-art@users.noreply.github.com> --- .github/workflows/publish.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index ce70b810..91ffe8e6 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -67,6 +67,9 @@ jobs: subject-path: | dist contracts + README.md + LICENSE.md + package.json - name: Publish package uses: JS-DevTools/npm-publish@v1
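Review bot: The three paths added under `subject-path` (`README.md`, `LICENSE.md`, `package.json`) are attested as they sit in the working tree before the `Publish package` step, and nothing in the visible list (`dist`, `contracts`, and these files) is the packed tarball that consumers install from the registry. If any step between the attestation and the publish rewrites `package.json` (a version bump, for example), the attested digest will no longer match what ships. Consider running `npm pack` ahead of this step and listing the resulting tarball as a subject so the downloaded artifact can be verified directly, and add a comment in the workflow saying why each loose file is attested. Separately, the context line `uses: JS-DevTools/npm-publish@v1` references a mutable tag in the job that performs the publish; pinning it to a full commit SHA would keep a retagged release from running in this job.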