Fix npm authentication for semantic-release publishing

[Copilot]

semantic-release was failing during npm publish with ENEEDAUTH and OIDC token exchange errors. npm requires explicit .npmrc configuration even when NPM_TOKEN environment variables are set.

Changes

• Added npm authentication step before semantic-release in .github/workflows/ci-cd.yml
• Creates ~/.npmrc with registry auth token from GitHub secret

- name: Set up npm auth
  run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc

Requirements

Repository must have NPM_TOKEN secret configured:

1. Generate npm "Automation" token at npmjs.com
2. Add as repository secret: Settings → Secrets and variables → Actions → NPM_TOKEN

Original prompt

Github action job failed during the npm publish phase in the verifyConditions step of semantic-release, specifically with these errors:

OIDC token exchange with the npm registry failed: 404 OIDC token exchange error - package not found
npm error code ENEEDAUTH: "This command requires you to be logged in."
npm error: "You need to authorize this machine using npm adduser"
This means the npm authentication for publishing is not properly configured.

Solution:

Ensure your workflow (.github/workflows/ci-cd.yml) includes npm authentication for publishing.
You should use an npm token as a GitHub Actions secret.
Recommended Steps:

Go to npmjs.com and generate a new "Automation" access token for your user or organization.
In your GitHub repository, navigate to Settings → Secrets and variables → Actions and add a new secret named NPM_TOKEN with the token you generated.
In your workflow file, add the following before running semantic-release or npm publish:
YAML
- name: Set up npm auth
run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc

Custom agent used: Dev Ops Arch
Guides infrastructure, CI/CD, and deployment workflows for the project.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[github-actions]

Azure Static Web Apps: Your stage site is ready! Visit it here: https://victorious-cliff-0ab69fe0f-44.eastus2.3.azurestaticapps.net

[Copilot]

Pull request overview

This PR fixes npm authentication for the semantic-release publishing workflow by adding explicit .npmrc configuration. The issue was that semantic-release's npm plugin was failing with ENEEDAUTH errors during the publish phase, even though NPM_TOKEN was available as an environment variable.

Key Changes:

• Added npm authentication setup step in CI/CD workflow before semantic-release runs
• Creates ~/.npmrc file with registry authentication token from GitHub secrets