ci: updated ci config to use oidc auth for npm publish instead of old token system

Author: JairajJangle

.github/actions/setup/action.yml

@@ -9,30 +9,60 @@ runs:
       with:
         node-version-file: .nvmrc
 
-    - name: Restore dependencies
-      id: yarn-cache
+    # Create a minimal .yarnrc.yml without any plugin references
+    - name: Create minimal Yarn config
+      run: |
+        cat > .yarnrc.yml << EOF
+        nodeLinker: node-modules
+        nmHoistingLimits: workspaces
+        EOF
+      shell: bash
+
+    # Setup Corepack for proper Yarn version management
+    - name: Setup Corepack and Yarn
+      run: |
+        corepack enable
+        corepack prepare yarn@4.9.2 --activate
+        yarn --version
+      shell: bash
+
+    - name: Configure Yarn and Generate .yarnrc.yml
+      run: |
+        yarn set version 4.9.2
+        yarn config set nodeLinker node-modules
+        yarn config set nmHoistingLimits workspaces
+      shell: bash
+
+    - name: Verify .yarnrc.yml
+      run: |
+        cat .yarnrc.yml
+      shell: bash
+
+    - name: Restore Yarn Cache
       uses: actions/cache/restore@v4
+      id: yarn-cache
       with:
         path: |
           **/node_modules
+          .yarn/cache
+          .yarn/unplugged
           .yarn/install-state.gz
         key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}-${{ hashFiles('**/package.json', '!node_modules/**') }}
         restore-keys: |
           ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
           ${{ runner.os }}-yarn-
 
     - name: Install dependencies
-      if: steps.yarn-cache.outputs.cache-hit != 'true'
-      run: |
-        yarn install --cwd example --frozen-lockfile
-        yarn install --frozen-lockfile
+      run: yarn install
       shell: bash
 
-    - name: Cache dependencies
-      if: steps.yarn-cache.outputs.cache-hit != 'true'
+    - name: Save Yarn Cache
       uses: actions/cache/save@v4
+      if: steps.yarn-cache.outputs.cache-hit != 'true'
       with:
         path: |
           **/node_modules
+          .yarn/cache
+          .yarn/unplugged
           .yarn/install-state.gz
-        key: ${{ steps.yarn-cache.outputs.cache-primary-key }}
+        key: ${{ steps.yarn-cache.outputs.cache-primary-key }}

.github/workflows/ci.yml

@@ -184,15 +184,8 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: "lts/*"  # Use the latest LTS version of Node.js
-          registry-url: 'https://registry.npmjs.org/'  # Specify npm registry
-
-      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
-        run: npm audit signatures  # Check the signatures to verify integrity
 
       - name: Release
         run: npx semantic-release  # Run semantic-release to manage versioning and publishing
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # GitHub token for authentication
-
-          # Why NODE_AUTH_TOKEN instead of NPM_TOKEN: https://github.com/semantic-release/semantic-release/issues/2313
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}  # npm token for publishing package
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # GitHub token for authentication

release.config.js

@@ -14,7 +14,6 @@ module.exports = {
       '@semantic-release/npm',
       {
         npmPublish: true,
-        tag: 'beta', // Publishes with a 'beta' tag to npm
       },
     ],
     '@semantic-release/github', // Handles GitHub releases