ci: Update release workflow for npm OIDC authentication and bump up node version

Author: jaissica12

.github/workflows/pull-request.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v4
       - uses: actions/setup-node@v6.0.0
         with:
-          node-version: 18
+          node-version: 24
           cache: yarn
           cache-dependency-path: yarn.lock
 
@@ -73,7 +73,7 @@ jobs:
           uses: actions/checkout@v4
         - uses: actions/setup-node@v6.0.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 
@@ -101,7 +101,7 @@ jobs:
           uses: actions/checkout@v4
         - uses: actions/setup-node@v6.0.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
               uses: actions/checkout@v4
             - uses: actions/setup-node@v6.0.0
               with:
-                node-version: 18
+                node-version: 24
                 cache: yarn
                 cache-dependency-path: yarn.lock
 
@@ -47,20 +47,30 @@ jobs:
         name: Release and Sync Repos
         runs-on: ubuntu-latest
         needs: ['android-unit-tests', 'react-tests']
+        # OIDC permissions for npm trusted publishing
+        permissions:
+          contents: write
+          issues: write
+          pull-requests: write
+          id-token: write # Required for OIDC authentication with npm
         steps:
           - name: Checkout internal/development
             uses: actions/checkout@v4
 
           - name: Setup Node.js
             uses: actions/setup-node@v6.0.0
             with:
-              node-version: 18
+              node-version: 24
+              registry-url: 'https://registry.npmjs.org'
 
           - name: Install node modules
             run: yarn install
+          
+          - name: Ensure npm CLI supports OIDC
+            run: npm install -g npm@latest
 
           - name: Build SDK
             run: yarn build
 
           - name: Release
-            run: ./release.sh ${{ secrets.NPM_TOKEN}}
+            run: ./release.sh

package.json

@@ -29,6 +29,11 @@
     "app.plugin.js",
     "plugin"
   ],
+  "publishConfig": {
+        "access": "public",
+        "provenance": true,
+        "registry": "https://registry.npmjs.org"
+  },
   "dependencies": {},
   "peerDependencies": {
     "react": ">= 16.0.0-alpha.12",

release.sh

@@ -1,6 +1,2 @@
 #!/usr/bin/env bash
-: ${1?"NPM Token missing- usage: $0 {MY_NPM_TOKEN}"}
-
-touch .npmrc;
-echo "//registry.npmjs.org/:_authToken=$1" > .npmrc;
-npm publish;
+npm publish --provenance --access public