ci: updated release workflow to use octo-sts for GH auth (#77)

* ci: updated release workflow to use octo-sts for GH auth

* ci: optimized release workflow

Author: jarrettgaither

.github/chainguard/semantic-release.sts.yaml

@@ -0,0 +1,7 @@
+---
+issuer: https://token.actions.githubusercontent.com
+subject_pattern: repo:liatrio/react-dora-charts:.*
+
+permissions:
+  contents: write
+  packages: write

.github/workflows/release.yml

@@ -26,16 +26,26 @@ jobs:
       HUSKY: 0
 
     steps:
+      - name: Get Octo-sts token
+        uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f
+        id: octo-sts
+        with:
+          scope: 'liatrio/react-dora-charts'
+          identity: semantic-release
+
       - uses: actions/checkout@v4
         with:
-          persist-credentials: false
+          fetch-tags: true
+          fetch-depth: 0
+          token: ${{ steps.octo-sts.outputs.token }}
 
       - name: Setup node
         id: node
         uses: actions/setup-node@v4
         with:
           node-version-file: '.nvmrc'
           cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
 
       - name: Install dependencies
         run: yarn install
@@ -45,6 +55,6 @@ jobs:
 
       - name: Bump and Release
         env:
-          GITHUB_TOKEN: ${{ secrets.TAGGING_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: npx semantic-release