actions/publishing(nodejs): id-token: write for npm publish with --provenance

[revi]

Why:

NPM refuses to publish with --provenance unless id-token: write permission is supplied.

npm notice Publishing to https://registry.npmjs.org/ with tag latest and public access
npm error code EUSAGE
npm error Provenance generation in GitHub Actions requires "write" access to the "id-token" permission

I used the {% ifversion artifact-attestations %} as it was there in L60 (where the relevant docs were written), but not sure if this would work well... :P

See also: https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions

Closes:

What's being changed (if available, include any code snippets, screenshots, or gifs):

Supply id-token: write permission as documented by NPM.

Check off the following:

• I have reviewed my changes in staging, available via the View deployment link in this PR's timeline (this link will be available after opening the PR).

  • For content changes, you will also see an automatically generated comment with links directly to pages you've modified. The comment won't appear if your PR only edits files in the data directory.

• For content changes, I have completed the self-review checklist.

[welcome]

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[github-actions]

Thanks for submitting a PR to the GitHub Docs project!

In order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, see the documentation.

[revi]

Thanks for submitting a PR to the GitHub Docs project!

In order to review and merge PRs most efficiently, we require that all PRs grant maintainer edit access before we review them. For information on how to do this, see the documentation.

Well,

From the docs

Who can use this feature?

People with push access to the upstream repository of a fork owned by a personal account can commit to the forked branches.

This repo is owned by org, thus there is no such option. (And no, I am not going to move to my personal account just for this.) If this is really a blocker, feel free to close this and do it on your version.

[github-actions]

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.

---

Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source	Preview	Production	What Changed
actions/publishing-packages/publishing-nodejs-packages.md	fpt ghec ghes@ 3.13 3.12 3.11 3.10 3.9	fpt ghec ghes@ 3.13 3.12 3.11 3.10 3.9

---

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server

[revi]

Please unsubscribe me from all the email from Github

Very Important

Settings > Notifications

[nguyenalex836]

@revi Thanks so much for opening a PR! I'll get this triaged for review ✨

[SiaraMist]

Thanks for catching this and updating it, @revi! You did the versioning perfectly too. ✨ I'll go ahead and get this merged.

[github-actions]

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡