diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ddc3fed..d9206bc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -4,20 +4,24 @@ name: Release [Manual]
 on: workflow_dispatch
 permissions:
   contents: write
+  id-token: write   # REQUIRED for trusted publishing
 jobs:
   Release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           # fetch-depth is necessary to get all tags
           # otherwise lerna can't detect the changes and will end up bumping the versions for all packages
           fetch-depth: 0
           token: ${{ secrets.RELEASE_COMMIT_GH_PAT }}
+
       - name: Setup Node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: '20.x'
+           node-version: '22'
+           registry-url: 'https://registry.npmjs.org'
+           always-auth: false  # important for trusted publishing
       - name: Configure CI Git User
         run: |
           git config --global user.name $CONFIG_USERNAME
@@ -27,24 +31,16 @@ jobs:
           GITHUB_PAT: ${{ secrets.RELEASE_COMMIT_GH_PAT }}
           CONFIG_USERNAME: ${{ vars.RELEASE_COMMIT_USERNAME }}
           CONFIG_EMAIL: ${{ vars.RELEASE_COMMIT_EMAIL }}
-      - name: Authenticate with Registry
-        run: |
-          echo "@${NPM_USERNAME}:registry=https://registry.npmjs.org/" > .npmrc
-          echo "registry=https://registry.npmjs.org/" >> .npmrc
-          echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> .npmrc
-          npm whoami
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_USERNAME: ${{ vars.NPM_USERNAME }}
 
       - name: Install 📌
         run: |
-          npm install
+          npm ci --ignore-scripts
       - name: Test 🔧
         run: npm run test
       - name: Semantic Publish to NPM 🚀
         # "HUSKY=0" disables pre-commit-msg check (Needed in order to allow semantic-release perform the release commit)
-        run: HUSKY=0 npx semantic-release
+        run: |
+          npm config set provenance true
+          HUSKY=0 npx semantic-release
         env:
           GH_TOKEN: ${{ secrets.RELEASE_COMMIT_GH_PAT }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/package.json b/package.json
index 7f9cd4f..8ade4ff 100644
--- a/package.json
+++ b/package.json
@@ -109,7 +109,14 @@
         }
       ],
       "@semantic-release/release-notes-generator",
-      "@semantic-release/npm",
+      [
+     "@semantic-release/npm",
+     {
+       "npmPublish": true,
+       "pkgRoot": ".",
+       "tarballDir": "dist"
+     }
+   ],
       [
         "@semantic-release/git",
         {
@@ -122,6 +129,6 @@
       ],
       "@semantic-release/github"
     ],
-    "repositoryUrl": "git@github.com:sourcefuse/loopback4-billing.git"
+    "repositoryUrl": "https://github.com/sourcefuse/loopback4-billing.git"
   }
 }