ci: switch to npm trusted publishing via OIDC

[enaboapps]

Removes NPM_TOKEN in favour of npm's trusted publishing — GitHub Actions authenticates via OIDC so no secret is needed.

Summary by CodeRabbit

• Chores
  • Updated npm publishing workflow configuration.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0dc4a3b1-c33d-45cc-9263-31358cfada1a

📥 Commits

Reviewing files that changed from the base of the PR and between f171332 and 312a4b4.

📒 Files selected for processing (1)

• .github/workflows/publish.yml

---

📝 Walkthrough

Walkthrough

Removed the NODE_AUTH_TOKEN environment variable from the npm publish workflow step in the GitHub Actions configuration file. This eliminates the environment variable declaration from the step's env block without altering the publish step's execution logic.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Configuration .github/workflows/publish.yml	Removed NODE_AUTH_TOKEN environment variable from the "Publish to npm" step's env block (2 lines deleted).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• Add CI/CD pipeline with GitHub Actions #42: Directly modifies the same .github/workflows/publish.yml file, managing NODE_AUTH_TOKEN handling in the npm publish workflow step.

Poem

🐰 A token takes flight, removed from the flow,
No secrets whispered when workflows do go,
The publish still runs, swift and clean,
Simplest of changes, most elegant scene! ✨

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/npm-trusted-publishing

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}