Migrate to NPM trusted publishing (#7)

* Initial plan

* Implement NPM trusted publishing with actions/setup-node@v6 and npm@11.5.1

Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: dmattia <8922077+dmattia@users.noreply.github.com>

Author: Copilot

.github/workflows/ci.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3.1.1
+      - uses: actions/setup-node@v6
         with:
           node-version: '22.18.0'
       - run: npm install -g "yarn@1.22.5"
@@ -33,7 +33,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
       - uses: nick-fields/retry@v2
@@ -49,7 +49,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Use Node.js 22.x
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
       - uses: nick-fields/retry@v2
@@ -68,7 +68,7 @@ jobs:
           fetch-depth: 100 # need the history to do a changed files check below (source, origin)
       - uses: actions/setup-python@v2
       - name: Use Node.js 22.x
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
       - uses: nick-fields/retry@v2
@@ -84,28 +84,33 @@ jobs:
   build-to-npm:
     if: github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
     needs:
       - run-depcheck
       - build-and-upload-artifacts
       - run-pre-commits
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v6
         with:
           node-version: '22.x'
+      # See: https://docs.npmjs.com/trusted-publishers
+      # See: https://github.com/actions/setup-node/issues/1445
+      - name: Set npm to version that supports trusted publishers
+        run: npm install -g npm@11.5.1
+        shell: bash
       - uses: nick-fields/retry@v2
         with:
           timeout_minutes: 6
           max_attempts: 3
           retry_on: error
           command: yarn install --immutable
-      - name: Configure NPM authentication
-        run: |
-          yarn config set npmAlwaysAuth true
-          yarn config set npmAuthToken ${{ secrets.NPM_TOKEN }}
       - name: Publish to yarn/npm
-        run: yarn npm publish
+        run: NODE_AUTH_TOKEN="" yarn npm publish
 
   build-to-github-packages:
     if: github.ref == 'refs/heads/main'
@@ -117,7 +122,7 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v6
         with:
           node-version: '22.x'
       - uses: nick-fields/retry@v2

package.json

@@ -2,7 +2,7 @@
   "author": "Transcend Inc.",
   "name": "@transcend-io/handlebars-utils",
   "description": "Utility functions for handlebars templating with Transcend - available in node and client side.",
-  "version": "1.3.0",
+  "version": "1.3.1",
   "homepage": "https://github.com/transcend-io/handlebars-utils",
   "repository": {
     "type": "git",