Setup NPMJS trusted publishers

Also, align the release process of this repo with our other
repositories.

Author: NSeydoux

.github/workflows/release.yml

@@ -1,16 +1,19 @@
 name: Release
 
 on:
-  pull_request:
-    branches:
-      - main
-    types: [closed]
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+
+# Getting an ID token is required for NPMJS trusted publishers
+permissions:
+  id-token: write  # Required for OIDC
+  contents: read
 
 env:
   CI: true
 jobs:
-  release-new-version:
-    if: ${{ github.event.pull_request.merged && startsWith(github.head_ref, 'release/') }}
+  publish-npm:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
@@ -19,13 +22,12 @@ jobs:
           node-version: 22
           cache: npm
           registry-url: "https://registry.npmjs.org"
+      # Ensure npm 11.5.1 or later for trusted publishing
+      - run: npm install -g npm@latest
       - run: npm ci --workspaces
       # Running top-level ci should happen after workspaces level, running these
       # the other way around results in top-level dependencies (namely, lerna)
       # not being installed.
       - run: npm ci
       - run: npm run build
-      - run: npm run release
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.INRUPT_NPM_TOKEN }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: npx lerna publish from-package --yes --no-verify-access

README.md

@@ -10,20 +10,8 @@ This repository contains the following:
 
 First, decide on what type of release to perform, then:
 
-1. Run: `npm run prepare-release`
-
-   Follow the prompt and select the type of release:
-
-   - Patch (1.0.1)
-   - Minor (1.1.0)
-   - Major (2.0.0)
-   - Prepatch (1.0.1-alpha.0)
-   - Preminor (1.1.0-alpha.0)
-   - Premajor (2.0.0-alpha.0)
-
-   After confirming, this will update all the `package.json` versions to that new version number,
-   checkout a new branch `release/<version>` and commit the changed files.
-
-2. Push the branch & create a pull request
-
-3. Merge the pull request, and then let automation do the rest.
+1. Switch to a new branch
+2. Run `npm run lerna-version -- <major | minor | patch>, and commit the result
+3. Push the branch and create a pull request
+4. Once approved, merge the pull request and create a GH release with the latest version as a tag.
+   The tag being pushed will trigger CD.

package.json

@@ -9,7 +9,7 @@
     "clean": "lerna run clean",
     "release": "scripts/release.sh",
     "test:e2e:browser": "playwright test",
-    "prepare-release": "scripts/prepare-release.sh",
+    "lerna-version": "lerna version --no-push --no-git-tag-version",
     "lint": "npm run lint:check",
     "lint:check": "npm run lint:eslint",
     "lint:fix": "npm run lint:eslint -- --fix",