diff --git a/.github/workflows/deploy-sdk.yml b/.github/workflows/deploy-sdk.yml
index a5a6a183..04bbdaa0 100644
--- a/.github/workflows/deploy-sdk.yml
+++ b/.github/workflows/deploy-sdk.yml
@@ -7,6 +7,7 @@ on:
     branches: [main] # all branches where deployments currently occur. Make sure this list matches list of branches in  `.releaserc` file.
 
 permissions:
+  id-token: write
   contents: write # access to push the git tag
   issues: write # Bot creates an issue if there is an issue during deployment process
   pull-requests: write # allow bot to make comments on PRs after they get deployed
@@ -122,6 +123,7 @@ jobs:
     name: Deploy to npm
     needs: [deploy-git-tag]
     if: needs.deploy-git-tag.outputs.new_release_published == 'true' # only run if a git tag was made.
+    environment: release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -132,14 +134,19 @@ jobs:
         with:
           node-version: '20'
           cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
 
-      - run: npm ci
+      - name: Install npm 11.5.1+ for OIDC support
+        run: npm install -g npm@latest
 
-      - name: Deploy to npm
-        run: ./scripts/deploy-code.sh
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          IS_PRERELEASE: false # at this time, all deployments are made to `main` production branch
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run pre-deploy
+        run: npm run pre-deploy
+
+      - name: Publish to npm
+        run: npm publish --tag latest
 
       - name: Notify team of successful deployment
         uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0