From ee751b578da5162427d39f8c011f036ea3c6278d Mon Sep 17 00:00:00 2001
From: Valeri Poboshkov <valeri@polymesh.network>
Date: Wed, 18 Feb 2026 13:43:18 +0200
Subject: [PATCH] ci: changing the action to use trusted publishing for npm
 packages

---
 .github/workflows/main.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 37fcf13..31b2eb8 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -32,6 +32,11 @@ jobs:
     runs-on: ubuntu-latest
     needs: [lint]
     if: github.event_name == 'push'
+    permissions:
+      contents: write       # push release commits, tags, create GitHub Releases
+      issues: write         # @semantic-release/github comments on resolved issues
+      pull-requests: write  # @semantic-release/github comments on merged PRs
+      id-token: write       # OIDC token for npm trusted publishing
     steps:
       - uses: actions/checkout@v4
       - name: Enable Corepack
@@ -53,7 +58,6 @@ jobs:
       - name: release
         env:
           GITHUB_TOKEN: ${{ secrets.ASSOCIATION_RELEASE_TOKEN }}
-          NPM_TOKEN: ${{ secrets.ASSOCIATION_NPM_TOKEN }}
         run: |
           cd dist
           yarn --immutable