Add releaser tokens to the repo

[jtpio]

As a follow-up to #145, we will be making a new release of the extension that is compatible with JupyterLab 4.

Currently the repo does not have any token in the GitHub Actions secrets:

Which means using the workflows from the repo and https://github.com/jupyterlab-bot will likely not work.

If jupyterlab-github is already configured to support the trusted publisher on PyPI, we could also use this instead of the PyPI release token.

cc @blink1073 @fcollonval @JasonWeill who I think have access to the shared vault. If you can help with this that would be great, thanks! I don't have access to the bot tokens.

[blink1073]

I added the trusted publisher integration and the NPM token, working on admin github token now:

[blink1073]

Okay, should be ready:

[jtpio]

Thanks!

I'll try running the workflows now.

[jtpio]

Looks like the workflow was missing:

permissions:
      id-token: write

Will add it and start again.

[jtpio]

Now the error is:

requests.exceptions.HTTPError: 422 Client Error: Unprocessable Entity for url: https://pypi.org/_/oidc/github/mint-token

[fcollonval]

This means that the package on PyPI is not configure to use a trusted publisher.

Someone with enough rights on https://pypi.org/project/jupyterlab-github/ should do it, or you should comment the id token and add a PyPI token.

[jtpio]

From #147 (comment):

I added the trusted publisher integration and the NPM token, working on admin github token now:

Could it be because of a workflow name mismatch?

[blink1073]

Yes, the workflow name must be the same, I updated it. The workflow also needs to be set to run in the release environment (which will have to be created and configured in the workflow):

[jtpio]

Thanks @blink1073!

Looks like it worked this time after adding the environment to the workflow (#152): https://pypi.org/project/jupyterlab-github/4.0.0/

Closing as fixed.