From 421e2398cfef0fa6bbe7a78951a1d90c83e67f7b Mon Sep 17 00:00:00 2001
From: avivkeller <me@aviv.sh>
Date: Sun, 17 Aug 2025 15:15:36 -0400
Subject: [PATCH] chore(publishing): use oidc

---
 .github/workflows/publish-packages.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-packages.yml b/.github/workflows/publish-packages.yml
index 7c9a0bc6f6a15..dcccabed6b39c 100644
--- a/.github/workflows/publish-packages.yml
+++ b/.github/workflows/publish-packages.yml
@@ -17,6 +17,8 @@ on:
 
 permissions:
   contents: read
+  # For npm OIDC (https://docs.npmjs.com/trusted-publishers)
+  id-token: write
 
 env:
   COMMIT_SHA: ${{ github.sha }}
@@ -115,8 +117,6 @@ jobs:
 
       - name: Publish
         working-directory: packages/${{ matrix.package }}
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           # Install deps
           pnpm install --frozen-lockfile