Restore NODE_AUTH_TOKEN for GitHub Packages publish

[liuliu-dev]

The publish-github job in publish.yml failed during the v5.1.0 release with 401 Unauthorized when pushing to npm.pkg.github.com:

npm error 401 Unauthorized - PUT https://npm.pkg.github.com/@github%2frelative-time-element - unauthenticated: User cannot be authenticated with the token provided.

This is a regression from a8c32fc, which added id-token: write to the GPR job and removed NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} from the publish step.

That change appears to mirror the OIDC trusted-publisher flow we use for npmjs.org, but npm.pkg.github.com still requires NODE_AUTH_TOKEN to authenticate the publish.

This PR restores NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} on the GPR publish step.

[Copilot]

Pull request overview

This PR fixes a release regression in the GitHub Actions publish workflow by restoring authentication for publishing to GitHub Packages (npm.pkg.github.com) in the publish-github job.

Changes:

• Re-adds NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} to the GitHub Packages npm publish step to prevent 401 Unauthorized failures.

Show a summary per file

File	Description
.github/workflows/publish.yml	Restores NODE_AUTH_TOKEN on the GitHub Packages publish step so npm publish can authenticate to npm.pkg.github.com.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 0