From 14140d98f2c36d03d004510e15fdb0b5baa8fa23 Mon Sep 17 00:00:00 2001
From: Jaissica <jaissica.hora@rokt.com>
Date: Thu, 15 Jan 2026 10:14:17 -0500
Subject: [PATCH 1/3] ci: Update release workflow for npm OIDC authentication
 and bump up node version

---
 .github/workflows/pull-request.yml |  6 +++---
 .github/workflows/release.yml      | 16 +++++++++++++---
 package.json                       |  5 +++++
 release.sh                         |  6 +-----
 4 files changed, 22 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 44d64e1..9ef833f 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@v6
       - uses: actions/setup-node@v6.2.0
         with:
-          node-version: 18
+          node-version: 24
           cache: yarn
           cache-dependency-path: yarn.lock
 
@@ -73,7 +73,7 @@ jobs:
           uses: actions/checkout@v6
         - uses: actions/setup-node@v6.2.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 
@@ -101,7 +101,7 @@ jobs:
           uses: actions/checkout@v6
         - uses: actions/setup-node@v6.2.0
           with:
-            node-version: 18
+            node-version: 24
             cache: yarn
             cache-dependency-path: yarn.lock
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 78661e2..d332c0d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,7 +22,7 @@ jobs:
               uses: actions/checkout@v6
             - uses: actions/setup-node@v6.2.0
               with:
-                node-version: 18
+                node-version: 24
                 cache: yarn
                 cache-dependency-path: yarn.lock
 
@@ -47,6 +47,12 @@ jobs:
         name: Release and Sync Repos
         runs-on: ubuntu-latest
         needs: ['android-unit-tests', 'react-tests']
+        # OIDC permissions for npm trusted publishing
+        permissions:
+          contents: write
+          issues: write
+          pull-requests: write
+          id-token: write # Required for OIDC authentication with npm
         steps:
           - name: Checkout internal/development
             uses: actions/checkout@v6
@@ -54,13 +60,17 @@ jobs:
           - name: Setup Node.js
             uses: actions/setup-node@v6.2.0
             with:
-              node-version: 18
+              node-version: 24
+              registry-url: 'https://registry.npmjs.org'
 
           - name: Install node modules
             run: yarn install
+          
+          - name: Ensure npm CLI supports OIDC
+            run: npm install -g npm@latest
 
           - name: Build SDK
             run: yarn build
 
           - name: Release
-            run: ./release.sh ${{ secrets.NPM_TOKEN}}
\ No newline at end of file
+            run: ./release.sh
\ No newline at end of file
diff --git a/package.json b/package.json
index 205f24d..69cd365 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,11 @@
     "app.plugin.js",
     "plugin"
   ],
+  "publishConfig": {
+        "access": "public",
+        "provenance": true,
+        "registry": "https://registry.npmjs.org"
+  },
   "dependencies": {},
   "peerDependencies": {
     "react": ">= 16.0.0-alpha.12",
diff --git a/release.sh b/release.sh
index 25411e6..20c2dff 100755
--- a/release.sh
+++ b/release.sh
@@ -1,6 +1,2 @@
 #!/usr/bin/env bash
-: ${1?"NPM Token missing- usage: $0 {MY_NPM_TOKEN}"}
-
-touch .npmrc;
-echo "//registry.npmjs.org/:_authToken=$1" > .npmrc;
-npm publish;
\ No newline at end of file
+npm publish --provenance --access public
\ No newline at end of file

From 39f28f521a5d23a8bcb05ef42da438de48d92d55 Mon Sep 17 00:00:00 2001
From: Jaissica <jaissica.hora@rokt.com>
Date: Wed, 4 Feb 2026 15:52:23 -0500
Subject: [PATCH 2/3] bump github actions version

---
 .github/workflows/release.yml | 2 +-
 package.json                  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d332c0d..dbdac5b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -65,7 +65,7 @@ jobs:
 
           - name: Install node modules
             run: yarn install
-          
+
           - name: Ensure npm CLI supports OIDC
             run: npm install -g npm@latest
 
diff --git a/package.json b/package.json
index 69cd365..d08c4f5 100644
--- a/package.json
+++ b/package.json
@@ -30,9 +30,9 @@
     "plugin"
   ],
   "publishConfig": {
-        "access": "public",
-        "provenance": true,
-        "registry": "https://registry.npmjs.org"
+      "access": "public",
+      "provenance": true,
+      "registry": "https://registry.npmjs.org"
   },
   "dependencies": {},
   "peerDependencies": {

From b0cab933daebc93dd2ecb200098b9b11ce13a0f7 Mon Sep 17 00:00:00 2001
From: Jaissica <jaissica.hora@rokt.com>
Date: Wed, 4 Feb 2026 16:22:28 -0500
Subject: [PATCH 3/3] Update release.sh

remove duplicate access flag

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 release.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release.sh b/release.sh
index 20c2dff..e45df97 100755
--- a/release.sh
+++ b/release.sh
@@ -1,2 +1,2 @@
 #!/usr/bin/env bash
-npm publish --provenance --access public
\ No newline at end of file
+npm publish --provenance
\ No newline at end of file