diff --git a/.github/workflows/codemod_publish.yml b/.github/workflows/codemod_publish.yml
index 4cd03737..f9907dc3 100644
--- a/.github/workflows/codemod_publish.yml
+++ b/.github/workflows/codemod_publish.yml
@@ -15,11 +15,25 @@ on:
         required: true
         type: string
 
+permissions:
+    id-token: write
+    contents: read
+
+jobs:
+  validate-and-publish:
+    name: Validate and Publish Codemod
+    runs-on: ubuntu-latest
+
+permissions: read-all
+
 jobs:
   validate-and-publish:
     name: Validate and Publish Codemod
     runs-on: ubuntu-latest
 
+    permissions:
+        id-token: write
+        contents: read
     outputs:
       version: ${{ steps.parse-tag.outputs.version }}
       codemod-name: ${{ steps.parse-tag.outputs.codemod-name }}
@@ -103,14 +117,11 @@ jobs:
         working-directory: ${{ steps.parse-tag.outputs.codemod-path }}
         run: node --test
 
-      - name: Authenticate with Codemod registry
-        env:
-          CODEMOD_TOKEN: ${{ secrets.CODEMOD_TOKEN }}
-        run: npx codemod login --api-key "$CODEMOD_TOKEN"
 
-      - name: Publish codemod
-        working-directory: ${{ steps.parse-tag.outputs.codemod-path }}
-        run: npx codemod publish
+      - name: Publish codemod to registry
+        uses: codemod/publish-action@dd6c8dbc5ceb1a6146feba41481d88b43da50024 # v1
+        with:
+            path: ${{ steps.parse-tag.outputs.codemod-path }}
 
       - name: Create release summary
         env: