From 19c0195c3876506f75f27323e96ca3e80d0585c6 Mon Sep 17 00:00:00 2001
From: Rando Luik <randoluikrl@gmail.com>
Date: Fri, 5 Jun 2026 15:39:43 +0300
Subject: [PATCH] Implement trusted publishing

---
 .github/workflows/release.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5aef8bad..01ac1369 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,10 @@ on:
     types:
       - published
 
+permissions:
+  id-token: write
+  contents: read
+
 defaults:
   run:
     working-directory: ./packages/javascript-api
@@ -13,12 +17,10 @@ jobs:
     name: Publish to NPM Registry
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v6
         with:
-          node-version: 20.x
-          cache: 'yarn'
-          always-auth: true
+          node-version: 24.x
           registry-url: https://registry.npmjs.org
       - name: Install Deps
         run: yarn install --immutable
@@ -26,5 +28,3 @@ jobs:
         run: yarn build
       - name: Publish package to NPM
         run: yarn npm publish
-        env:
-          YARN_NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}