Add workflow for releasing w/ package provenance

Closes #815

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      bump:
+        type: choice
+        description: Semver version to bump
+        options:
+          - patch
+          - minor
+          - major
+        default: patch
+      dry-run:
+        type: boolean
+        description: Perform dry-run
+        default: true
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '18.x'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm install -g npm
+      - run: npm i
+      - run: npm run release ${{ github.event.inputs.bump }}${{ github.event.inputs.dry-run && '-- --dry-run'}}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

README.md

@@ -319,19 +319,7 @@ For vulnerability reports, send an e-mail to `js-cookie at googlegroups dot com`
 
 ## Releasing
 
-We are using [release-it](https://www.npmjs.com/package/release-it) for automated releasing.
-
-Start a dry run to see what would happen:
-
-```bash
-npm run release minor -- --dry-run
-```
-
-Do a real release (publishes both to npm as well as create a new release on GitHub):
-
-```bash
-npm run release minor
-```
+For releasing there's the `Release` GitHub Actions workflow, which will create a new release along with package provenance on npmjs.com.
 
 _GitHub releases are created as a draft and need to be published manually!
 (This is so we are able to craft suitable release notes before publishing.)_

package.json

@@ -66,6 +66,7 @@
     "standard": "^17.0.0"
   },
   "engines": {
-    "node": ">=14"
+    "node": ">=14",
+    "npm": ">=9.5.0"
   }
 }