fix: use OIDC trusted publishers for npm publish workflow

TMHSDigital · TMHSDigital · commit 005025eb0e83 · 2026-03-29T13:24:24.000-04:00
Made-with: Cursor
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -4,27 +4,30 @@ on:
   release:
     types: [published]
 
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   publish:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
+
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-node@v4
         with:
           node-version: 22
           registry-url: https://registry.npmjs.org
           cache: npm
           cache-dependency-path: mcp-server/package-lock.json
+
+      - run: npm install -g npm@latest
       - run: npm ci
         working-directory: mcp-server
       - run: npm run build
         working-directory: mcp-server
       - run: npm test
         working-directory: mcp-server
-      - run: npm publish --access public --provenance
+      - run: npm publish --provenance --access public
         working-directory: mcp-server
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
