From 32136766e32ba4b23c5e0417e0796f9fbdc3270d Mon Sep 17 00:00:00 2001
From: Liran Cohen <c.liran.c@gmail.com>
Date: Wed, 4 Mar 2026 20:02:51 +0000
Subject: [PATCH] chore: switch npm publish to OIDC trusted publisher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove NPM_TOKEN secret dependency — npm auth is now handled via
GitHub Actions OIDC (id-token: write was already set). Bump Node
to 22 as required by npm trusted publishing.

Requires configuring the trusted publisher on npmjs.com:
  Package:  @enbox/gitd
  Org:      enboxorg
  Repo:     gitd
  Workflow: npm-release.yml
---
 .github/workflows/npm-release.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
index ae3dff6..b85fb9f 100644
--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -33,7 +33,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
       - name: Install dependencies
@@ -52,8 +52,6 @@ jobs:
           commit: 'chore: version packages'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   build-artifacts:
     name: Build ${{ matrix.target }}