ci: Update staging-step-1.yml to support OIDC publishing (#1132)

rmi22186 · web-flow · commit a5bd593f8b03 · 2025-12-10T10:31:16.000-05:00
diff --git a/.github/workflows/staging-step-1.yml b/.github/workflows/staging-step-1.yml
@@ -253,13 +253,20 @@ jobs:
         runs-on: ubuntu-latest
         needs:
             - create-release-branch
+
+        # OIDC permissions for npm trusted publishing
+        permissions:
+            contents: write
+            issues: write
+            pull-requests: write
+            id-token: write
+
         env:
             GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
             GIT_AUTHOR_NAME: mparticle-automation
             GIT_AUTHOR_EMAIL: developers@mparticle.com
             GIT_COMMITTER_NAME: mparticle-automation
             GIT_COMMITTER_EMAIL: developers@mparticle.com
-            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
         steps:
             - name: Checkout staging branch
@@ -284,6 +291,7 @@ jobs:
               uses: actions/setup-node@v3
               with:
                   node-version: 24.x
+                  registry-url: 'https://registry.npmjs.org'
 
             - name: Install dependencies
               run: npm ci
