fix: run npm config set before publishing

[dcroote]

OK! After a bit of testing all we need is to set the secret where npm wants it. Here is the key llines from my test repo:

https://github.com/dcroote/random-test-proj987/blob/96236eecc4059b46abbc26903eebb2ff059865c4/.github/workflows/build.yml#L36-L39

This is actually what the changeset actions does:

By default the GitHub Action creates a .npmrc file with the following content: //registry.npmjs.org/:_authToken=${process.env.NPM_TOKEN}

And here is the published package, with provenance: https://www.npmjs.com/package/@dcroote/random-test-proj987

For the token, I used the Granular Access Token with Read and write scoped to only the specific package

[Siegrift]

For the token, I used the Granular Access Token with Read and write scoped to only the specific package

I've created the token to be be able to read/write to @api3 scope. I intend to use the same one across all repos for convenience.

[andreogle]

That worked! Thanks again @dcroote

[dcroote]

Great!