Merge pull request #20 from phantom/ilan/rotoken

fix: token for publishing

Author: ilan-phantom

.github/workflows/release.yml

@@ -33,6 +33,7 @@ jobs:
         with:
           node-version: 20.x
           registry-url: "https://registry.npmjs.org"
+          token: ""
 
       - name: Ensure npm 11.5.1+ for trusted publishing
         run: npm install -g npm@^11.5.1
@@ -47,4 +48,7 @@ jobs:
           # This expects you to have a script called release which does a build for your packages and calls changeset publish
           publish: yarn release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # we use trusted publishing and setup-node will set these incorrectly. Unset if we ever use RO_TOKEN
+          NODE_AUTH_TOKEN: ""
+          NPM_TOKEN: ""

security.yaml

@@ -0,0 +1 @@
+codeowner_approvals: false