ci(release.yml): update to use oidc token

Signed-off-by: Vaughn Dice <[email protected]>

Author: vdice

.github/workflows/release.yml

@@ -14,6 +14,8 @@ jobs:
   crates:
     name: Publish to crates.io
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # required for OIDC token exchange (crates-io-auth-action)
     if: |
       startsWith(github.ref, 'refs/tags/v') &&
       github.repository_owner == 'spinframework'
@@ -26,17 +28,23 @@ jobs:
           rustup toolchain install ${{ env.RUST_VERSION }}
           rustup default ${{ env.RUST_VERSION }}
 
+      - uses: rust-lang/[email protected]
+        id: auth
+
       - name: Publish spin-executor to crates.io
         working-directory: ./crates/executor
-        run: |
-          cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: cargo publish
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
 
       - name: Publish spin-macro to crates.io
         working-directory: ./crates/macro
-        run: |
-          cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: cargo publish
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
 
       - name: Publish spin-sdk to crates.io
         working-directory: ./
-        run: |
-          cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: cargo publish
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}