From 15770a0b357cc740180f7a843c0dbe3ef3d8158f Mon Sep 17 00:00:00 2001
From: Alex Rudenko <alexrudenko@chromium.org>
Date: Tue, 16 Sep 2025 17:44:36 +0200
Subject: [PATCH] ci: setup publishing oicd

---
 .github/workflows/publish-to-npm-on-tag.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/publish-to-npm-on-tag.yml b/.github/workflows/publish-to-npm-on-tag.yml
index 38b5197fa..92229c2ae 100644
--- a/.github/workflows/publish-to-npm-on-tag.yml
+++ b/.github/workflows/publish-to-npm-on-tag.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - 'chrome-devtools-mcp-v*'
 
+permissions:
+  id-token: write # Required for OIDC
+  contents: read
+
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -30,10 +34,5 @@ jobs:
         run: npm run build
 
       - name: Publish
-        env:
-          NPM_TOKEN: ${{secrets.NPM_TOKEN}}
-          TAG_NAME: ${{github.ref_name}}
         run: |
-          npm config set registry 'https://wombat-dressing-room.appspot.com/'
-          npm config set '//wombat-dressing-room.appspot.com/:_authToken' '${NPM_TOKEN}'
           npm publish --provenance --access public