Update CI to use npm OIDC trusted publishing

npm classic tokens were revoked on Dec 2025.
https://github.blog/changelog/2025-12-09-npm-classic-tokens-revoked-session-based-auth-and-cli-token-management-now-available/

Author: hyochan

.github/workflows/ci-deploy.yml

@@ -1,22 +1,31 @@
-  
 name: publish-package
 
 on:
   release:
     types: [created]
+
+permissions:
+  contents: read
+  id-token: write # Required for OIDC trusted publishing
+
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    # Setup .npmrc file to publish to npm
-    - uses: actions/setup-node@v2
-      with:
-        node-version: '16.x'
-        registry-url: 'https://registry.npmjs.org'
-        scope: '@react-native-seoul'
-    - run: yarn
-    - run: yarn build
-    - run: yarn publish
-      env:
-        NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+          registry-url: 'https://registry.npmjs.org'
+          scope: '@react-native-seoul'
+
+      - run: yarn install --frozen-lockfile
+
+      - run: yarn build
+
+      - name: Ensure npm CLI v11.5.1 or later (required for OIDC)
+        run: npm install -g npm@latest
+
+      - name: Publish to npm with OIDC trusted publishing
+        run: npm publish --access public --provenance