Add OIDC to npm

Author: andy-chhuon

.github/workflows/actions/prepare/action.yml

@@ -7,6 +7,7 @@ runs:
       with:
         cache: yarn
         node-version-file: '.nvmrc'
+        registry-url: 'https://registry.npmjs.org'
 
     - name: Yarn install
       run: yarn install --frozen-lockfile

.github/workflows/deploy-rc.yml

@@ -11,19 +11,25 @@ jobs:
   changesets:
     name: Deploy
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write # Required for OIDC
     steps:
       - uses: actions/checkout@v3
         with:
           token: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}
 
       - uses: ./.github/workflows/actions/prepare
 
+      - name: Update npm to latest
+        run: npm install -g npm@latest
+
       - id: changesets
         name: Create release Pull Request or publish to NPM
         uses: changesets/action@v1
         with:
           title: Version Packages (${{ github.ref_name }})
           publish: yarn run deploy
         env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TOKEN: '' # Forces OIDC authentication
           GITHUB_TOKEN: ${{ secrets.SHOPIFY_GH_ACCESS_TOKEN }}