From 854ca268831dfc7155ad746c943b490d40bbab95 Mon Sep 17 00:00:00 2001
From: Stephane Moser <moser.sts@gmail.com>
Date: Thu, 21 May 2026 22:10:27 +0100
Subject: [PATCH] CICDL-258: switch to OIDC Trusted Publishers for npm publish

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/cicd_npm-publish.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/cicd_npm-publish.yml b/.github/workflows/cicd_npm-publish.yml
index bdbf55c9..f01d063c 100644
--- a/.github/workflows/cicd_npm-publish.yml
+++ b/.github/workflows/cicd_npm-publish.yml
@@ -9,6 +9,10 @@ jobs:
   publish:
     if: ${{ github.event.label.name == 'npm-ready-for-publish' }}
     uses: pipedrive-actions/github-actions-workflows/.github/workflows/reusable_cicd-npm-publish.yml@master
+    permissions:
+      id-token: write
+      contents: write
     with:
       revision: ${{ github.event.pull_request.head.ref }}
+      use_trusted_publisher: true
     secrets: inherit
\ No newline at end of file