ci: Update release workflow for npm OIDC authentication

Author: rmi22186

.github/workflows/release.yml

@@ -239,13 +239,19 @@ jobs:
         runs-on: ubuntu-latest
         needs:
             - create-release-branch
+
+        # OIDC permissions for npm trusted publishing
+        permissions:
+            id-token: write
+            contents: read
+
         env:
             GITHUB_TOKEN: ${{ secrets.MP_SEMANTIC_RELEASE_BOT }}
             GIT_AUTHOR_NAME: mparticle-automation
             GIT_AUTHOR_EMAIL: [email protected]
             GIT_COMMITTER_NAME: mparticle-automation
             GIT_COMMITTER_EMAIL: [email protected]
-            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+            # NPM_TOKEN no longer required - using OIDC trusted publishing
 
         steps:
             - name: Checkout public master branch
@@ -270,6 +276,7 @@ jobs:
               uses: actions/setup-node@v3
               with:
                   node-version: latest
+                  registry-url: 'https://registry.npmjs.org'
 
             - name: Install dependencies
               run: npm ci
@@ -279,7 +286,7 @@ jobs:
               run: |
                   npx semantic-release --dry-run
 
-            # NPM Publish happens here
+            # NPM Publish happens here via OIDC trusted publishing
             - name: Release
               if: ${{ github.event.inputs.dryRun == 'false'}}
               run: |