From b875d1104af599a59370c29e4ac41a0f1bb6a68e Mon Sep 17 00:00:00 2001
From: Nicolas Ayral Seydoux <nseydoux@inrupt.com>
Date: Mon, 20 Oct 2025 13:22:29 +0200
Subject: [PATCH] Setup NPMJS trusted publishers

Get an ID token to authenticate the github CI runner as a trusted
publisher for the package
---
 .github/workflows/release.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f18a949..4aa92b7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,11 @@ on:
     tags:
       - v[0-9]+.[0-9]+.[0-9]+
 
+# Getting an ID token is required for NPMJS trusted publishers
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
+
 env:
   CI: true
 jobs:
@@ -20,6 +25,4 @@ jobs:
           cache: "npm"
 
       - run: npm ci
-      - run: npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.INRUPT_NPM_TOKEN }}
+      - run: npm publish