Add missing `id-token: write` permission in release pipeline (#5645)

Signed-off-by: Pascal Marco Caversaccio <pascal.caversaccio@hotmail.ch>

.github/workflows/release-cycle.yml

@@ -131,6 +131,7 @@ jobs:
     environment: npm
     permissions:
       contents: write
+      id-token: write
     if: needs.state.outputs.publish == 'true'
     runs-on: ubuntu-latest
     steps:
@@ -153,6 +154,7 @@ jobs:
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           TARBALL: ${{ steps.pack.outputs.tarball }}
           TAG: ${{ steps.pack.outputs.tag }}
+          NPM_CONFIG_PROVENANCE: true
       - name: Create Github Release
         uses: actions/github-script@v7
         env:

scripts/release/workflow/publish.sh

@@ -9,7 +9,7 @@ PACKAGE_JSON_VERSION="$(tar xfO "$TARBALL" package/package.json | jq -r .version
 echo "//registry.npmjs.org/:_authToken=\${NPM_TOKEN}" > .npmrc
 
 # Actual publish
-npm publish --provenance "$TARBALL" --tag "$TAG"
+npm publish "$TARBALL" --tag "$TAG"
 
 # Clean up tags
 delete_tag() {