Merge pull request #43 from contentpass/chore-trusted-publishing

Trusted publishing for npm packages

Author: 0x7f

.github/workflows/release.yml

@@ -1,6 +1,11 @@
 name: Release & Publish to NPM
 on: workflow_dispatch
 
+# See https://docs.npmjs.com/trusted-publishers
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -9,16 +14,10 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
 
       - name: Setup
         uses: ./.github/actions/setup
 
-      - name: Initialise the NPM config
-        run: npm config set //registry.npmjs.org/:_authToken $NPM_TOKEN
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
       - name: Initialize Git user
         run: |
           git config --global user.email "[email protected]"
@@ -29,6 +28,3 @@ jobs:
 
       - name: Run release
         run: npm run release --ci
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}