feat: migrate npm publishing using OIDC (#1400)

Author: subhankarmaiti

.github/actions/npm-publish/action.yml

@@ -1,8 +1,6 @@
 name: Publish release to npm
 
 inputs:
-  npm-token:
-    required: true
   version:
     required: true
   release-directory:
@@ -22,14 +20,6 @@ runs:
       shell: bash
       run: yarn ci
 
-    - name: Verify npm token
-      shell: bash
-      run: |
-        if [ -z "${{ inputs.npm-token }}" ]; then
-          echo "Error: npm-token is not provided."
-          exit 1
-        fi
-
     - name: Publish release to NPM
       shell: bash
       working-directory: ${{ inputs.release-directory }}
@@ -43,5 +33,4 @@ runs:
         fi
         npm publish --provenance --tag $TAG
       env:
-        NODE_AUTH_TOKEN: ${{ inputs.npm-token }}
         VERSION: ${{ inputs.version }}

.github/workflows/npm-release.yml

@@ -9,14 +9,15 @@ on:
     secrets:
       github-token:
         required: true
-      npm-token:
-        required: true
 
 jobs:
   release:
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
     runs-on: ubuntu-latest
     environment: release
+    permissions:
+      contents: write
+      id-token: write
 
     steps:
       # Checkout the code
@@ -58,7 +59,6 @@ jobs:
       - uses: ./.github/actions/npm-publish
         with:
           version: ${{ steps.get_version.outputs.version }}
-          npm-token: ${{ secrets.npm-token }}
           release-directory: ${{ inputs.release-directory }}
 
       # Create a release for the tag

.github/workflows/release.yml

@@ -19,7 +19,6 @@ jobs:
   release:
     uses: ./.github/workflows/npm-release.yml
     secrets:
-      npm-token: ${{ secrets.NPM_TOKEN }}
       github-token: ${{ secrets.GITHUB_TOKEN }}
 
   publish-docs: