chore: enable OIDC npm publishing (#1682)

commit: fc213028f7b5955b5a515fff0d6949c5b896d686 [log] [tgz]
author: Chengzhong Wu <cwu631@bloomberg.net> Mon Sep 22 09:04:55 2025
committer: GitHub <noreply@github.com> Mon Sep 22 09:04:55 2025
tree: 8b48c152ae863d3cb21895112a39031af9918596
parent: b65e01b3ad21865fcdc9120730cea4b8a2330ef3 [diff]
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index dd5477b..a6e752e 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml

@@ -6,6 +6,10 @@
       - main
   workflow_dispatch:
 
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 jobs:
   release-please:
     runs-on: ubuntu-latest
@@ -42,8 +46,6 @@
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
-          node-version: lts/*
+          node-version: 24 # npm >= 11.5.1
           registry-url: 'https://registry.npmjs.org'
       - run: npm publish --provenance --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
commit	fc213028f7b5955b5a515fff0d6949c5b896d686	[log] [tgz]
author	Chengzhong Wu <cwu631@bloomberg.net>	Mon Sep 22 09:04:55 2025
committer	GitHub <noreply@github.com>	Mon Sep 22 09:04:55 2025
tree	8b48c152ae863d3cb21895112a39031af9918596
parent	b65e01b3ad21865fcdc9120730cea4b8a2330ef3 [diff]