Add NPM_TOKEN of nodejs-foundation to nodejs/nodejs.org

[ovflowd]

Hey folks, following this issue which led to this pull request we need someone from the TSC to add on the repository settings (Secrets > GitHub Actions) a secret named NPM_TOKEN for the nodejs-foundation NPM account, so we can publish our @node-core packages

cc @nodejs/tsc @nodejs/build

[legendecas]

NPM supports granular access tokens and it'd be good to limit the token scopes. For more information, check out https://docs.npmjs.com/about-access-tokens#about-granular-access-tokens.

Options:

• Allow read/write access on listed packages,
• Allow read/write access on scope @node-core (Package list: https://www.npmjs.com/org/node-core).

Reading the thread on nodejs/nodejs.org#7776, I suppose that the packages to be published are:

• @node-core/ui-components,
• @node-core/website-i18n,
• @node-core/rehype-shiki.

Are you good with a granular token on the specified packages?

[ovflowd]

Allow read/write access on listed packages,

Sounds good to me!

@node-core/ui-components,
@node-core/website-i18n,
@node-core/rehype-shiki.

For these packages. And if we ever need more, we can request more :)

@avivkeller can you confirm?

[avivkeller]

Yes, those are the only ones we need right now

[legendecas]

Added NPM_TOKEN repository GitHub action secret on https://github.com/nodejs/nodejs.org for the following packages:

• https://www.npmjs.com/package/@node-core/ui-components
• https://www.npmjs.com/package/@node-core/website-i18n
• https://www.npmjs.com/package/@node-core/rehype-shiki

The token has a required expiration date and it is set to May 27, 2026. Please let me know if it does not work.

[avivkeller]

I'll merge our PR and test the token now.

[avivkeller]

Token is good :-)

[ovflowd]

🎉 🚀