ci: migrate to trusted publishing

Author: frantic1048

.github/workflows/ci.yml

@@ -79,6 +79,9 @@ jobs:
     if: ${{ always() && !failure() && !cancelled() }}
     needs: [test, check-beachball-changefile]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v4
       - uses: pnpm/action-setup@v4
@@ -94,19 +97,15 @@ jobs:
       - name: Publish (development)
         if: github.repository == 'RightCapitalHQ/phpdoc-parser' && github.base_ref == github.event.repository.default_branch
         env:
-          NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
+          HEAD_REF: ${{ github.head_ref }}
         run: |
-          npm config set //registry.npmjs.org/:_authToken "${NPM_TOKEN}"
           preid="${HEAD_REF//\//-}".${{ github.run_number }}.${{ github.run_attempt }}
           npm --no-git-tag-version version prerelease --preid="${preid}"
           pnpm publish --no-git-checks --access public --tag development
 
       - name: Publish (main)
         if: github.repository == 'RightCapitalHQ/phpdoc-parser' && github.ref_name == github.event.repository.default_branch
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}
         run: |
-          npm config set //registry.npmjs.org/:_authToken "${NPM_TOKEN}"
           git config --local user.email "[email protected]"
           git config --local user.name "GitHub Actions[bot]"
           pnpm beachball publish --access public --yes -m 'chore(release): applying package updates'

.node-version

@@ -1 +1 @@
-22.17.1
+24.10.0

change/@rightcapital-phpdoc-parser-3bd33af3-91ce-47c4-8958-96e8a7bba14c.json

@@ -0,0 +1,7 @@
+{
+  "comment": "ci: migrate to trusted publishing",
+  "type": "none",
+  "packageName": "@rightcapital/phpdoc-parser",
+  "email": "[email protected]",
+  "dependentChangeType": "none"
+}