From eb478ce0fe2c97a2361c64817ee6237cf9547e0b Mon Sep 17 00:00:00 2001
From: zgjimhaziri <z.haziri@celonis.com>
Date: Wed, 17 Dec 2025 15:11:17 +0100
Subject: [PATCH] Add OpenID permissions in publish workflow

---
 .github/workflows/build-or-publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-or-publish.yml b/.github/workflows/build-or-publish.yml
index 03d0352..260fbdd 100644
--- a/.github/workflows/build-or-publish.yml
+++ b/.github/workflows/build-or-publish.yml
@@ -9,6 +9,7 @@ on:
       - '.github/**'
 
 permissions:
+  id-token: write
   contents: write
   packages: write
 
@@ -63,6 +64,7 @@ jobs:
     needs: detect-bump
     if: needs.detect-bump.outputs.is_bump == 'true' && github.ref == 'refs/heads/master'
     permissions:
+      id-token: write
       contents: write
       packages: write
     steps:
@@ -117,8 +119,6 @@ jobs:
           scope: '@celonis'
 
       - name: Publish to NPM Registry
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           cd dist/
           npm publish --access public