From 60a52a9fb79eb8e26b33af2295cad9970d8d7e9e Mon Sep 17 00:00:00 2001
From: Tanjeem Hossain <tanjeemhossain125@bitgo.com>
Date: Wed, 15 Oct 2025 09:20:55 -0400
Subject: [PATCH 1/2] ci: add debug step to fetch oidc token

Ticket: DX-2084
---
 .github/workflows/release.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c51b4b57..1fbcd895 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -21,6 +21,16 @@ on:
       - "[0-9]+.x"
 
 jobs:
+  verify-oidc:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Show OIDC token
+        run: |
+          echo "OIDC token exists: $ACTIONS_ID_TOKEN_REQUEST_TOKEN"
+
   release:
     uses: semantic-release-action/typescript/.github/workflows/release.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51 # v3.0.20
     secrets:

From af6b165369426ed0feb480ed25e96f129f95ad7e Mon Sep 17 00:00:00 2001
From: Tanjeem Hossain <tanjeemhossain125@bitgo.com>
Date: Wed, 15 Oct 2025 09:55:56 -0400
Subject: [PATCH 2/2] ci: test if semantic-release still uses dummy token

Ticket: DX-2084
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1fbcd895..2582fc04 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -33,7 +33,7 @@ jobs:
 
   release:
     uses: semantic-release-action/typescript/.github/workflows/release.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51 # v3.0.20
-    secrets:
-      npm-token: "FAKE_NPM_TOKEN_FOR_SEMANTIC_RELEASE"
+    # secrets:
+    #   npm-token: "FAKE_NPM_TOKEN_FOR_SEMANTIC_RELEASE"
     with:
       disable-semantic-release-git: true