diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index cccd20ab..c0c44701 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ jobs:
       issues: write
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
+        with:
+          fetch-depth: 0
+          ref: main
       - name: Set git config safe.directory
         run: git config --global --add safe.directory "$(pwd)"
       - name: Set git identity
@@ -57,7 +60,7 @@ jobs:
     permissions:
       contents: read
       issues: write
-      id-token: write # Required for provenance & Trusted Publishing.
+      id-token: write # Required for Trusted Publishing.
     steps:
       - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903
         with:
@@ -71,11 +74,9 @@ jobs:
       - name: Restore build artifact permissions
         run: cd dist && setfacl --restore=permissions-backup.acl
         continue-on-error: true
-      - name: Install dependencies
-        run: npm ci
-      - name: Publish to npm with provenance
+      - name: Publish to npm
         env:
-          NPM_CONFIG_PROVENANCE: true
+          NPM_TRUSTED_PUBLISHER: true
         run: npx -p publib@latest publib-npm
   release_maven:
     name: Publish to Maven Central