OIDC trusted publishing with minimal changes

Required changes for npm OIDC:
- Node 22.x + npm >= 11.5 (required for OIDC)
- Remove registry-url from setup-node
- Add repository field to package.json
- id-token: write permission (already present)

Note: --provenance flag not needed, automatic with OIDC

TEMPORARY: push trigger for testing

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: toml01

.github/workflows/release.yml

@@ -2,12 +2,12 @@ name: Publish Cofhe Contracts Package to npmjs
 on:
   release:
     types: [published]
-  push:  # TEMPORARY: for testing OIDC - remove before merge
+  push:  # TEMPORARY: for testing - remove before merge
     branches: [fix/npm-oidc-provenance]
 
 permissions:
   contents: read
-  id-token: write  # Required for NPM provenance
+  id-token: write  # Required for NPM OIDC trusted publishing
 
 jobs:
   publish:
@@ -16,28 +16,28 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v4
         with:
-          node-version: 22.x  # Node 22 ships with npm 11.x needed for OIDC
-          # Note: NOT setting registry-url so npm can use OIDC natively
+          node-version: 22.x  # Node 22 for npm 11.x (OIDC requires npm >= 11.5)
       - name: Upgrade npm for OIDC support
-        run: npm install -g npm@latest  # Ensure npm >= 11.5 for trusted publishing
+        run: npm install -g npm@latest
       - name: Install pnpm
         uses: pnpm/action-setup@v4
         with:
           version: latest
           run_install: false
       - name: Install deps
         run: cd contracts && pnpm install
-      
+
       - name: Read package version
         id: package_version
         run: echo "VERSION=$(jq -r .version < ./contracts/package.json)" >> $GITHUB_ENV
 
       - name: Determine prerelease tag
         id: prerelease_check
         run: |
-          if [[ "${{ env.VERSION }}" =~ \-(alpha|beta)\.[0-9]+$ ]]; then
+          if [[ "${{ env.VERSION }}" =~ \-(alpha|beta|test)\.[0-9]+$ ]]; then
             echo "PRERELEASE=--tag beta" >> $GITHUB_ENV
           else
             echo "PRERELEASE=" >> $GITHUB_ENV
           fi
-      - run: cd contracts && npm publish --provenance --access public --tag test  # TEMPORARY: testing OIDC with test tag
+      - name: Publish to npm
+        run: cd contracts && pnpm publish --no-git-checks ${{ env.PRERELEASE }}

contracts/package.json

@@ -1,11 +1,15 @@
 {
 	"name": "@fhenixprotocol/cofhe-contracts",
 	"description": "Smart Contract Library for the CoFHE with FHE primitives",
-	"version": "0.0.14-test.7",
+	"version": "0.0.14-test.9",
 	"author": {
 		"name": "FhenixProtocol",
 		"url": "https://github.com/FhenixProtocol/cofhe-contracts"
 	},
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/FhenixProtocol/cofhe-contracts"
+	},
 	"files": [
 		"FHE.sol",
 		"ICofhe.sol"