chore: update boilerplate release workflow to use Node.js 22.x and improve NPM publish step with trused publisher provenance and OIDC authentication.

Author: JeremyDolle

.github/workflows/boilerplate-release.yml

@@ -7,23 +7,29 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+
     steps:
       - uses: actions/checkout@v4
         with:
           ref: ${{ github.event.release.target_commitish }}
-      - uses: actions/setup-node@v3
+
+      - uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: "22.x"
+          registry-url: "https://registry.npmjs.org"
+
       - name: Bump version
         run: |
           git config --global user.name "ReactNativeBoilerplate Bot"
           git config --global user.email "j.dolle.bot@thecodingmachine.com"
           npm --no-git-tag-version version ${{ github.event.release.name }}
+
       - name: Publish to NPM
-        run: npm publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: npm publish --provenance
+
       - name: Commit and push
         run: |
           git add .