From e5bcd88e6a31cf6a886349c708c5fdb6106dd24b Mon Sep 17 00:00:00 2001
From: jlouk
Date: Thu, 4 Jun 2026 08:52:30 -0400
Subject: [PATCH 1/3] Add NPM release workflow with OIDC publishing support This workflow uses the new is-public parameter from gha to enable NPM Trusted Publishing with OIDC authentication for @mapbox/cloudfriend. This eliminates the need for NPM tokens and uses GitHub's OIDC to securely publish public packages to npmjs.com.
---
 .github/workflows/npm-release.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/npm-release.yml
diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
new file mode 100644
index 00000000..d46846d3
--- /dev/null
+++ b/.github/workflows/npm-release.yml
@@ -0,0 +1,22 @@
+name: NPM release
+
+on:
+ pull_request:
+ branches: [master]
+ types:
+ - opened
+ - synchronize
+ - reopened
+ # Triggers the workflow when labels change in the PR
+ - labeled
+ - unlabeled
+ push:
+ branches:
+ - master
+
+jobs:
+ npm-release:
+ uses: mapbox/gha/.github/workflows/workflow-release-npm-package.yml@CLOUDPLAT-3155/adding-public-deploy-for-npm
+ secrets: inherit
+ with:
+ is-public: true # Enable OIDC authentication for public packages
From 065b0be2a2cb68db8b98bdd4c6ef093441e829af Mon Sep 17 00:00:00 2001
From: jlouk
Date: Thu, 4 Jun 2026 09:01:16 -0400
Subject: [PATCH 2/3] Empty commit to retrigger workflows
From b9877887a4d00a961fa5d6c99054bc3220b26803 Mon Sep 17 00:00:00 2001
From: jlouk
Date: Thu, 4 Jun 2026 09:01:16 -0400
Subject: [PATCH 3/3] Empty commit to retrigger workflows Use stable workflow version for testing after gha merge Change from PR branch reference to workflow-release-npm-package-v1 so we can test once the gha PR is merged and promoted.
---
 .github/workflows/npm-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/npm-release.yml b/.github/workflows/npm-release.yml
index d46846d3..213bd3ca 100644
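Review bot: In the `npm-release` job of the new `npm-release.yml` (patch 1/3), `secrets: inherit` hands every secret this repository can see to the called `mapbox/gha` workflow, although the commit message says OIDC publishing removes the need for NPM tokens. If the reusable workflow needs no caller secrets for a public package, drop `secrets: inherit`, or list only the named secrets it uses under `secrets:`. The job also declares no `permissions:`; requesting an OIDC token needs `id-token: write`, and depending on how the called workflow sets its own permissions this may have to be granted by the caller, so an explicit block such as `permissions:` with `id-token: write` and `contents: read` would make the requirement visible and keep the rest of the token read-only. The called workflow is not visible here, so it is also worth confirming that it publishes only on the `push` to `master` and not on the `pull_request` events this file subscribes to.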
--- a/.github/workflows/npm-release.yml
+++ b/.github/workflows/npm-release.yml
@@ -16,7 +16,7 @@ on:

 jobs:
 npm-release:
- uses: mapbox/gha/.github/workflows/workflow-release-npm-package.yml@CLOUDPLAT-3155/adding-public-deploy-for-npm
+ uses: mapbox/gha/.github/workflows/workflow-release-npm-package.yml@workflow-release-npm-package-v1
 secrets: inherit
 with:
 is-public: true # Enable OIDC authentication for public packages
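Review bot: The new `uses:` line still resolves the release workflow through a movable name, `workflow-release-npm-package-v1` (a tag or branch), while the job keeps `secrets: inherit` and the package's publishing identity. Whoever can move that ref in `mapbox/gha` changes what runs with this repository's secrets and npm publishing rights, with no change recorded in this repository. Consider pinning to the full commit SHA and keeping the version as a trailing comment, e.g. `uses: mapbox/gha/.github/workflows/workflow-release-npm-package.yml@<full-commit-sha> # workflow-release-npm-package-v1`. The commit message indicates the ref is only usable once the gha PR is merged and promoted, so the workflow presumably fails to resolve until then.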