Update release workflow with OIDC permissions

KMKoushik · web-flow · commit b0575ea9fcab · 2026-01-18T21:54:08.000+11:00
Added permissions for OIDC and updated job steps.
diff --git a/.github/workflows/release-js-package.yml b/.github/workflows/release-js-package.yml
@@ -8,6 +8,10 @@ on:
       - "packages/sdk/**" # Trigger only changes in packages
       - ".github/workflows/release-js-package.yml"
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs:
@@ -31,13 +35,5 @@ jobs:
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
-      - name: Create .npmrc file
-        run: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > .npmrc
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
       - name: Publish
         run: pnpm publish-sdk
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
