ci: pin to version v3.1.0

Tanjeem Hossain · Tanjeem Hossain · commit 9879e61d78cd · 2025-11-04T12:13:06.000-05:00
The reason we are using the "ci" prefix for the commit message is because We do not want to actually trigger a new release here, take a look at DX-2123 for more details. Now that `npm-token` is no longer a required secret, we can check the release logs and see that OIDC Trusted Publishing is being used. The change to the `npm-token` requirement was made in the pinned SHA version 3.1.0 of semantic-release-action/typescript. Ticket: DX-2243
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -22,8 +22,6 @@ on:
 
 jobs:
   release:
-    uses: semantic-release-action/typescript/.github/workflows/release.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51 # v3.0.20
-    secrets:
-      npm-token: "FAKE_NPM_TOKEN_FOR_SEMANTIC_RELEASE"
+    uses: semantic-release-action/typescript/.github/workflows/release.yml@70c4b6f612fd516692472d20eac1c590ac08cd20 # v3.1.0
     with:
       disable-semantic-release-git: true
