From b3f6ff4e2aa2b232715492db560e36f1372bc32a Mon Sep 17 00:00:00 2001
From: thc202 <thc202@gmail.com>
Date: Tue, 16 Dec 2025 10:14:51 +0000
Subject: [PATCH] Use trusted publishing

Update the publish workflow to use trusted publishing.

Signed-off-by: thc202 <thc202@gmail.com>
---
 .github/workflows/publish.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 3e8686a..7dcd406 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - v*
 
+permissions:
+  id-token: write # Required for OIDC
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -12,9 +16,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v6
         with:
-          node-version: 17
+          node-version: 24
           registry-url: 'https://registry.npmjs.org'
       - run: npm ci
       - run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.ZAPBOT_NPM_TOKEN }}