chore: trusted publishing for npm packages (#1347)

trusted publishing for npm packages

Author: kushalshit27

.circleci/config.yml

@@ -48,42 +48,6 @@ jobs:
           paths: .
       - codecov/upload
 
-  deploy:
-    parameters:
-      v:
-        type: string
-        default: "lts"
-    docker:
-      - image: cimg/node:<< parameters.v >>
-    working_directory: ~/repo
-    steps:
-      - attach_workspace:
-          at: ~/repo
-      - run:
-          name: Authenticate with registry
-          command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
-      - run:
-          name: Publish package
-          command: npm publish
-
-  deploy_beta:
-    parameters:
-      v:
-        type: string
-        default: "lts"
-    docker:
-      - image: cimg/node:<< parameters.v >>
-    working_directory: ~/repo
-    steps:
-      - attach_workspace:
-          at: ~/repo
-      - run:
-          name: Authenticate with registry
-          command: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/repo/.npmrc
-      - run:
-          name: Publish beta package
-          command: npm publish --tag beta
-
   does_typescript_compile:
     docker:
       - image: cimg/node:22.12.0
@@ -128,48 +92,3 @@ workflows:
           name: Unit tests with Node current
           v: "22.12.0"
 
-  test_and_deploy:
-    jobs:
-      - unit_test:
-          name: Unit tests with Node LTS
-          v: "lts"
-          filters:
-            branches:
-              only: master
-            tags:
-              only: /^v.*/
-      - deploy:
-          name: Publish to NPM
-          v: "lts"
-          requires:
-            - Unit tests with Node LTS
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+$/
-          context:
-            - publish-npm
-
-  test_and_deploy_beta:
-    jobs:
-      - unit_test:
-          name: Unit tests with Node LTS (Beta)
-          v: "lts"
-          filters:
-            branches:
-              only: beta
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$/
-      - deploy_beta:
-          name: Publish Beta to NPM
-          v: "lts"
-          requires:
-            - Unit tests with Node LTS (Beta)
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /^v[0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+$/
-          context:
-            - publish-npm

.github/workflows/npm-publish.yml

@@ -0,0 +1,52 @@
+name: Publish package to npm
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: 22.14.0
+          registry-url: https://registry.npmjs.org
+          cache: npm
+
+      - name: Update npm for trusted publishing
+        run: npm install --global npm@11
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Build package
+        run: npm run build
+
+      - name: Determine npm dist-tag
+        id: npm_dist_tag
+        shell: bash
+        run: |
+          VERSION="${GITHUB_REF_NAME#v}"
+
+          if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-beta\.[0-9]+)?$ ]]; then
+            echo "Unsupported release tag: ${GITHUB_REF_NAME}" >&2
+            exit 1
+          fi
+
+          if [[ "$VERSION" == *"-beta."* ]]; then
+            echo "value=beta" >> "$GITHUB_OUTPUT"
+          else
+            echo "value=latest" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Publish package
+        run: npm publish --tag "${{ steps.npm_dist_tag.outputs.value }}"