build: migrate npm publishing to OIDC trusted publishers (#705)

## Problem
npm has changed granular token from unlimited expiration to 90 day max
limit:
https://github.blog/changelog/2025-09-29-strengthening-npm-security-important-changes-to-authentication-and-token-management/#granular-npm-access-token-lifetime-limits

## Solution
To allow us to not have to rotate token every 90 days, this pr migrates
from a granular token stored in aws secrets manager to oidc
authentication

## Testing
Including a temp comment in this PR so that I can merge in the
release-please PR. Then I can see if the packages get published to npm

<!---
    REMINDER:
    - Read CONTRIBUTING.md first.
    - Add test coverage for your changes.
    - Link to related issues/commits.
    - Testing: how did you test your changes?
    - Screenshots if applicable
-->

## License

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

Author: chungjac

.github/workflows/release-please.yaml

@@ -6,7 +6,7 @@ on:
       - main
 
 permissions:
-  id-token: write # This is required for requesting the JWT (aws-actions/configure-aws-credentials)
+  id-token: write # Required for OIDC authentication with npm
   contents: write # to create release commit (google-github-actions/release-please-action)
   pull-requests: write # to create release PR (google-github-actions/release-please-action)
 
@@ -31,22 +31,6 @@ jobs:
           persist-credentials: false
         if: ${{ fromJson(steps.release.outputs.releases_created) }}
 
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          role-to-assume: arn:aws:iam::935785792371:role/GithubNpmPublishAction
-          role-session-name: language-server-runtimes-github
-          aws-region: us-east-1
-        if: ${{ fromJson(steps.release.outputs.releases_created) }}
-
-      - name: Get npm access token
-        uses: aws-actions/aws-secretsmanager-get-secrets@v2
-        with:
-          secret-ids: |
-            npmjs/github_automation
-          parse-json-secrets: true
-        if: ${{ fromJson(steps.release.outputs.releases_created) }}
-
       - name: Setup Nodejs
         uses: actions/setup-node@v4
         with:
@@ -55,10 +39,6 @@ jobs:
           scope: '@aws'
         if: ${{ fromJson(steps.release.outputs.releases_created) }}
 
-      - name: Set token
-        run: echo "NODE_AUTH_TOKEN=${{ env.NPMJS_GITHUB_AUTOMATION_TOKEN }}" >> $GITHUB_ENV
-        if: ${{ fromJson(steps.release.outputs.releases_created) }}
-
       - name: Compile and test packages
         run: |
           npm clean-install

types/chat.ts

@@ -751,3 +751,5 @@ export interface SubscriptionDetailsParams {
 }
 
 export interface SubscriptionUpgradeParams {}
+
+// temp comment