From 7ccdd13b86e75bc0914ee4b2dd758388271e63e9 Mon Sep 17 00:00:00 2001
From: Cahllagerfeld <43843195+Cahllagerfeld@users.noreply.github.com>
Date: Tue, 25 Nov 2025 10:46:41 +0100
Subject: [PATCH] ci: use npm trusted publish

---
 .github/workflows/release.yaml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 31d5106..a7fd638 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -7,6 +7,10 @@ on:
 
 jobs:
   release:
+    permissions:
+      contents: write
+      pull-requests: write
+      id-token: write
     name: Release
     runs-on: ubuntu-latest
     steps:
@@ -16,11 +20,11 @@ jobs:
           # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
           fetch-depth: 0
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v6
         with:
-          node-version: 20
-      
-      - uses: pnpm/action-setup@v2
+          node-version: 24
+
+      - uses: pnpm/action-setup@v4
         with:
           version: latest
 
@@ -35,4 +39,4 @@ jobs:
           publish: pnpm changeset:publish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_CONFIG_PROVENANCE: true