Use OIDC for npm publishing in publish-release.yml #450

Merged
compulim merged 6 commits into master from copilot/modify-publish-release-using-oidc
Feb 4, 2026

Contributor

Copilot AI commented Feb 4, 2026

Modify publish-release.yml to use OIDC

Following the pattern from continuous-deployment.yml (commits #446 and #447):

  • Update the publish-package job to use OIDC authentication
    • Add permissions block with contents: read and id-token: write
    • Update environment from simple string to object with name and url
    • Remove NODE_AUTH_TOKEN environment variable using secrets
    • Update Node.js version to 24 for OIDC publishing support
  • Verify the changes match the pattern from continuous-deployment.yml

Changes Made:

  1. Added permissions block to the publish-package job
  2. Converted environment: production to structured format with name and URL
  3. Removed NODE_AUTH_TOKEN secret-based authentication
  4. Updated Node.js version from 18 to 24 for OIDC support

Note on Validation:

The workflow already has version validation in the build-and-draft job that prevents prereleases from being published. No additional validation is needed in the publish-package job since the tarball artifact is only created if the version validation passes in the earlier job.

Original prompt

modify publish-release.yml and use OIDC, follow recent commits in continuous-deployment.yml.
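
The job shape that the change list above describes, as an added example that is not part of this pull request or the project's own workflow file. The job names `publish-package` and `build-and-draft`, the `production` environment and Node.js 24 come from the comment; the step layout, action versions, artifact name, package URL and secret name are assumptions.

```yaml
# Constructed example: token-based publishing replaced by OIDC.
jobs:
  publish-package:
    needs: build-and-draft            # tarball is built and version-checked there
    runs-on: ubuntu-latest

    # Before: environment: production
    environment:
      name: production
      url: https://www.npmjs.com/package/PACKAGE-NAME   # placeholder URL

    # Job-level permissions: any scope not listed here is set to none.
    permissions:
      contents: read
      id-token: write                 # lets the job request a GitHub OIDC token

    steps:
      - name: Set up Node.js
        uses: actions/setup-node@v4   # action version assumed
        with:
          node-version: 24            # was 18; raised for OIDC publishing support
          registry-url: https://registry.npmjs.org

      - name: Download tarball
        uses: actions/download-artifact@v4   # action version assumed
        with:
          name: tarball               # hypothetical artifact name

      - name: Publish tarball
        run: npm publish ./*.tgz
        # Before (removed): long-lived token injected from a repository secret
        # env:
        #   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}   # secret name assumed
```

For the publish step to authenticate, the package's trusted publisher entry on npm has to name this repository, the workflow file `publish-release.yml` and, if one is set there, the `production` environment.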


Co-authored-by: compulim <1622400+compulim@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Modify publish-release.yml to use OIDC" to "Use OIDC for npm publishing in publish-release.yml" Feb 4, 2026
Copilot AI requested a review from compulim February 4, 2026 01:59
Collaborator

compulim commented Feb 4, 2026

@copilot add get-version step from continuous-deployment.yml

Co-authored-by: compulim <1622400+compulim@users.noreply.github.com>
Contributor Author

Copilot AI commented Feb 4, 2026

> @copilot add get-version step from continuous-deployment.yml

Added validation step after get-version following the pattern from continuous-deployment.yml. The validation ensures only production versions (without -) are published. (6899dc5)

Co-authored-by: compulim <1622400+compulim@users.noreply.github.com>
Collaborator

compulim commented Feb 4, 2026

@copilot revert 6899dc5.

Co-authored-by: compulim <1622400+compulim@users.noreply.github.com>
Contributor Author

Copilot AI commented Feb 4, 2026

> @copilot revert 6899dc5.

Reverted commit 6899dc5 which added the version validation step. (8ac4571)

compulim marked this pull request as ready for review February 4, 2026 02:19
Copilot AI requested a review from compulim February 4, 2026 02:19
compulim merged commit 8adbe6f into master Feb 4, 2026
7 checks passed
compulim deleted the copilot/modify-publish-release-using-oidc branch February 4, 2026 02:35