From e7ed0d37ef6e5a7e3c0e10b32ad7da14cc05b925 Mon Sep 17 00:00:00 2001
From: Bart Veneman <bartveneman@gmail.com>
Date: Fri, 24 Oct 2025 15:49:46 +0200
Subject: [PATCH] chore: set up trusted publishing

---
 .github/workflows/release.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d9ba9dc..3332d48 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,6 +7,10 @@ on:
   release:
     types: [created]
 
+permissions:
+  id-token: write # required for OIDC
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -14,7 +18,6 @@ jobs:
       - uses: actions/checkout@v5
       - uses: actions/setup-node@v5
         with:
-          cache: "npm"
           node-version: 22
       - run: npm ci --ignore-scripts --no-audit --no-fund
       - run: npm test
@@ -27,10 +30,8 @@ jobs:
       - uses: actions/setup-node@v5
         with:
           node-version: 22
-          cache: "npm"
           registry-url: https://registry.npmjs.org/
+      - run: npm install -g npm@latest
       - run: npm ci --ignore-scripts --no-audit --no-fund
       - run: npm run build
-      - run: npm publish --public
-        env:
-          NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
\ No newline at end of file
+      - run: npm publish --access public