ci: use npm trusted publishing with OIDC provenance #4

	name: Changesets

	on:
	push:
	branches: [dev]

	concurrency: ${{ github.workflow }}-${{ github.ref }}

	jobs:
	release:
	runs-on: ubuntu-latest

	permissions:
	contents: write
	pull-requests: write
	id-token: write

	steps:
	- uses: actions/checkout@v4

	- uses: oven-sh/setup-bun@v2
	with:
	bun-version: latest

	- name: Install dependencies
	run: bun install

	- name: Build
	run: bun run build

	- name: Create release PR or publish
	uses: changesets/action@v1
	with:
	publish: bun run release
	version: bun run version
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	NPM_CONFIG_PROVENANCE: true

Provide feedback