From 7e0cf89af4c1104087540b592b8b3faf1f02e036 Mon Sep 17 00:00:00 2001
From: Neta <neta.molcho@sap.com>
Date: Tue, 17 Feb 2026 15:45:37 +0200
Subject: [PATCH] chore: move project to trusted publishers

---
 .github/workflows/release.yml | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6d5e64e..64a0bbd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,9 @@ on:
   push:
     tags:
       - "v*.*.*"
+permissions:
+  id-token: write
+  contents: write
 jobs:
   release:
     runs-on: ubuntu-latest
@@ -23,17 +26,6 @@ jobs:
       - name: Build
         run: pnpm run ci
 
-      - name: npm auth setup
-        # we are using `lerna` to publish which does not use `pnpm`
-        # so the auth setup is done with `npm` commands instead of `pnpm`
-        # note we are using `>` instead of `>>` and replace the whole `.npmrc` contents
-        run: |
-          npm logout || true
-          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc
-          npm whoami
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-
       - name: Publish to NPM
         run: pnpm run release:publish