From 896d65b21f61bb30e4d6ce45b2f78901baa57e1a Mon Sep 17 00:00:00 2001
From: Valentin Maerten <maerten.valentin@gmail.com>
Date: Sun, 7 Dec 2025 09:55:18 +0100
Subject: [PATCH] ci(release): switch to npm trusted publishers with OIDC
 (#2550)

---
 .github/workflows/release.yml | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 57255623..2dfa2360 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - 'v*'
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
@@ -19,9 +23,14 @@ jobs:
         with:
           go-version: 1.25.x
 
-      - name: npm-login
-        run: |
-          npm config set '//registry.npmjs.org/:_authToken'=${{ secrets.NPM_TOKEN }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Install Task
         uses: go-task/setup-task@v1