From 786b1959ff3008bacd4eaa1035385f4b70ac6b0a Mon Sep 17 00:00:00 2001
From: James Kebinger <james.kebinger@prefab.cloud>
Date: Fri, 14 Nov 2025 14:27:12 -0600
Subject: [PATCH] chore: remove NPM_AUTH_TOKEN from release workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Now using npm trusted publishing with provenance, so the NPM_AUTH_TOKEN environment variable is no longer needed. The workflow already has the necessary permissions (id-token: write) and uses the --provenance flag for secure publishing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/release.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 19f4c73..b5b31e6 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,8 +53,6 @@ jobs:
       id-token: write
     outputs:
       published-version: ${{ needs.check-version.outputs.current-version }}
-    env:
-      NPM_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
     steps:
       - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm