From 3784d4914309fcbe5185bb834fc5cee5789ad8f7 Mon Sep 17 00:00:00 2001
From: Jaissica <jaissica.hora@rokt.com>
Date: Thu, 15 Jan 2026 10:14:17 -0500
Subject: [PATCH] ci: Update release workflow for npm OIDC authentication and
 bump up node version

---
 .github/workflows/pull-request.yml |  6 +++---
 .github/workflows/release.yml      | 16 +++++++++++++---
 package.json                       |  5 +++++
 release.sh                         |  6 +-----
 4 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 5b452be..cc7f3b9 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-node@v6.0.0
         with:
-          node-version: 18
+          node-version: 24
           cache: yarn
           cache-dependency-path: yarn.lock
 
@@ -73,7 +73,7 @@ jobs:
           uses: actions/checkout@v4
         - uses: actions/setup-node@v6.0.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 
@@ -101,7 +101,7 @@ jobs:
           uses: actions/checkout@v4
         - uses: actions/setup-node@v6.0.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6252db4..e2e4ed8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
               uses: actions/checkout@v4
             - uses: actions/setup-node@v6.0.0
               with:
-                node-version: 18
+                node-version: 24
                 cache: yarn
                 cache-dependency-path: yarn.lock
 
@@ -47,6 +47,12 @@ jobs:
         name: Release and Sync Repos
         runs-on: ubuntu-latest
         needs: ['android-unit-tests', 'react-tests']
+        # OIDC permissions for npm trusted publishing
+        permissions:
+          contents: write
+          issues: write
+          pull-requests: write
+          id-token: write # Required for OIDC authentication with npm
         steps:
           - name: Checkout internal/development
             uses: actions/checkout@v4
@@ -54,13 +60,17 @@ jobs:
           - name: Setup Node.js
             uses: actions/setup-node@v6.0.0
             with:
-              node-version: 18
+              node-version: 24
+              registry-url: 'https://registry.npmjs.org'
 
           - name: Install node modules
             run: yarn install
+          
+          - name: Ensure npm CLI supports OIDC
+            run: npm install -g npm@latest
 
           - name: Build SDK
             run: yarn build
 
           - name: Release
-            run: ./release.sh ${{ secrets.NPM_TOKEN}}
\ No newline at end of file
+            run: ./release.sh
\ No newline at end of file
diff --git a/package.json b/package.json
index 205f24d..69cd365 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,11 @@
     "app.plugin.js",
     "plugin"
   ],
+  "publishConfig": {
+        "access": "public",
+        "provenance": true,
+        "registry": "https://registry.npmjs.org"
+  },
   "dependencies": {},
   "peerDependencies": {
     "react": ">= 16.0.0-alpha.12",
diff --git a/release.sh b/release.sh
index 25411e6..20c2dff 100755
--- a/release.sh
+++ b/release.sh
@@ -1,6 +1,2 @@
 #!/usr/bin/env bash
-: ${1?"NPM Token missing- usage: $0 {MY_NPM_TOKEN}"}
-
-touch .npmrc;
-echo "//registry.npmjs.org/:_authToken=$1" > .npmrc;
-npm publish;
\ No newline at end of file
+npm publish --provenance --access public
\ No newline at end of file