ci: use npm trusted publishing (#307) #12

	name: Release

	on:
	push:
	branches:
	- main

	jobs:
	test:
	uses: ./.github/workflows/test.yml

	release:
	name: Release
	runs-on: ubuntu-latest
	needs: test
	environment: npm-trusted-publisher
	permissions:
	id-token: write # for publishing releases
	steps:
	- name: Checkout
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	persist-credentials: false
	- name: Setup Node.js
	uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
	with:
	node-version-file: .nvmrc
	package-manager-cache: false
	- name: Install
	run: yarn install --immutable
	- name: Get GitHub app token
	id: secret-service
	uses: electron/secret-service-action@3476425e8b30555aac15b1b7096938e254b0e155 # v1.0.0
	- name: Run semantic release
	uses: electron/semantic-trusted-release@5eceb399ac8de8863205cf6e34109bce473ba566 # v1.0.1
	with:
	github-token: ${{ fromJSON(steps.secret-service.outputs.secrets).GITHUB_TOKEN }}

Provide feedback