From 68c5bd160c794044287309c11225d81f38aedf22 Mon Sep 17 00:00:00 2001
From: Matteo Piano <mpiano@yelp.com>
Date: Mon, 20 Oct 2025 12:04:18 +0100
Subject: [PATCH 1/2] set up "trusted publishers" for releasing to npm

---
 .github/workflows/release.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a7f2470..6d480ca 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,9 @@ on:
     release:
         types: [created]
 
+permissions:
+    id-token: write # required for publishing
+
 jobs:
     test:
         runs-on: ubuntu-22.04
@@ -27,7 +30,6 @@ jobs:
               with:
                   node-version: 22
                   registry-url: https://registry.npmjs.org/
+            - run: npm install -g yarn@latest
             - run: yarn
             - run: yarn publish
-              env:
-                  NODE_AUTH_TOKEN: ${{secrets.npm_token}}

From 8c586dfa12c8ba72a5e5a6d93680f19c65215fbb Mon Sep 17 00:00:00 2001
From: Matteo Piano <mpiano@yelp.com>
Date: Mon, 27 Oct 2025 16:28:43 +0000
Subject: [PATCH 2/2] move permissions under publish-npm

---
 .github/workflows/release.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6d480ca..4121d26 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,9 +4,6 @@ on:
     release:
         types: [created]
 
-permissions:
-    id-token: write # required for publishing
-
 jobs:
     test:
         runs-on: ubuntu-22.04
@@ -24,6 +21,8 @@ jobs:
     publish-npm:
         needs: test
         runs-on: ubuntu-22.04
+        permissions:
+            id-token: write # required for publishing
         steps:
             - uses: actions/checkout@v2
             - uses: actions/setup-node@v2