Merge pull request #87 from tomodachi94/ci-trusted-publishing

ci: start setting up trusted publishing

Author: dubadub

.github/workflows/release.yml

@@ -634,9 +634,13 @@ jobs:
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
 
+      - name: Authenticate to crates.io
+        uses: rust-lang/crates-io-auth-action@v1
+        id: auth
+
       - name: Publish to crates.io
         env:
-          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
         run: cargo publish --no-verify
 
   # Publish TypeScript package to npm
@@ -645,6 +649,9 @@ jobs:
     needs: [build-ios, build-android]
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/') && github.event.inputs.dry_run != 'true'
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - name: Checkout sources
         uses: actions/checkout@v4
@@ -669,6 +676,4 @@ jobs:
 
       - name: Publish to npm
         working-directory: typescript
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npm publish --access public