Update release workflows for NPM OIDC trusted publishing

[jonrohan]

Part of https://github.com/github/primer/issues/6015

I also have a companion PR that will need to ship after this change to fix the integration workflows https://github.com/github/github-ui/pull/5972

This updates our workflows to allow for the NPM trusted publishing. With this we will no longer need to use tokens to publish the packages. https://docs.npmjs.com/trusted-publishers

One caveat though is that the configuration only allows for one workflow to publish. Because of this I needed to combine release.yml, release_candidate.yml, release_canary.yml into 1 file.

Testing & Reviewing

I tested the canary release obviously here, I'm not sure we can test the main and candidate scenario without merging and fixing any issues that might exist. So in review, take a closer look at the release-main: and release-candidate: jobs.

Merge checklist

• Added/updated tests
• Added/updated documentation
• Added/updated previews (Storybook)
• Changes are SSR compatible
• Tested in Chrome
• Tested in Firefox
• Tested in Safari
• Tested in Edge
• (GitHub staff only) Integration tests pass at github/github (Learn more about how to run integration tests)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 6ad6c5a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

👋 Hi, this pull request contains changes to the source code that github/github depends on. If you are GitHub staff, we recommend testing these changes with github/github using the integration workflow. Thanks!

[Copilot]

Pull Request Overview

This PR consolidates GitHub release workflows and standardizes repository field formatting across package.json files. The changes streamline the release process by merging three separate workflow files into a single unified workflow.

• Standardizes the repository field format in package.json files to use the expanded object notation with type and url properties
• Consolidates release_candidate.yml and release_canary.yml into the main release.yml workflow file
• Updates the release workflow trigger to use push on any branch and adds workflow_dispatch for manual triggering

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
packages/react/package.json	Expanded repository field from shorthand string to object notation
packages/styled-react/package.json	Added repository field with full git URL
packages/mcp/package.json	Added repository field with full git URL
.github/workflows/release.yml	Merged candidate and canary release jobs into main workflow, removed branch filtering, added workflow_dispatch trigger
.github/workflows/release_candidate.yml	Removed (consolidated into release.yml)
.github/workflows/release_canary.yml	Removed (consolidated into release.yml)

[siddharthkp]

Looks good to me!

Only one allowed workflow is a bummer, but it will have to do!