chore: Fix release (#505)

Author: lantoli

.github/workflows/release.yml

@@ -62,6 +62,7 @@ jobs:
     permissions:
       contents: read
       issues: write
+      id-token: write # required for provenance
     steps:
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
         with:
@@ -76,10 +77,9 @@ jobs:
         continue-on-error: true
       - name: Publish to npm with provenance
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          cd dist/js
-          npm publish --provenance --access public --tag latest
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true
+        run: npx -p publib@latest publib-npm
       - name: Extract Version
         id: extract-version
         if: ${{ failure() }}
@@ -175,7 +175,9 @@ jobs:
         env:
           TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
           TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-        run: twine upload dist/*
+        run: |
+          pip install twine
+          twine upload dist/python/*.whl dist/python/*.tar.gz
       - name: Extract Version
         id: extract-version
         if: ${{ failure() }}
@@ -315,6 +317,7 @@ jobs:
           labels: failed-release
           title: Publishing v${{ steps.extract-version.outputs.VERSION }} to GitHub Releases failed
           body: See https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
       - name: Generate PURL and SBOM
         run: |
           ./scripts/compliance/gen-purls.sh
@@ -328,7 +331,7 @@ jobs:
           SILKBOMB_IMG: ${{ vars.SILKBOMB_IMG }}
           KONDUKTO_REPO: ${{ vars.KONDUKTO_REPO }}
           KONDUKTO_BRANCH_PREFIX: ${{ vars.KONDUKTO_BRANCH_PREFIX }}
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+    
       - name: Generate SSDLC report
         run: |
           AUTHOR="${{ github.actor }}"