fix(publish_release): add GITHUB_TOKEN to Populate Release step

[saltenasl]

Release is failing yarn install due to missing github token.

https://github.com/deepnote/jupyterlab-deepnote/actions/runs/18873254259/job/53859600292

Summary by CodeRabbit

• Chores
  • Enhanced release workflow authentication to enable secure and authenticated operations during the automated release process, improving reliability and security of releases.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request adds a GitHub token environment variable to the Populate Release workflow step. The GITHUB_TOKEN from repository secrets is now passed as an environment variable to the populate-release action, enabling it to perform authenticated GitHub API operations. The workflow logic remains unchanged; only the step's environment context is enhanced.

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "fix(publish_release): add GITHUB_TOKEN to Populate Release step" directly and accurately describes the main change: adding a GITHUB_TOKEN environment variable to a specific workflow step. The title is concise, uses conventional commit format, and clearly conveys what was modified and why, making it immediately understandable to someone reviewing the repository history.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 3959124 and ff135e5.

📒 Files selected for processing (1)

• .github/workflows/publish-release.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: check_release
• GitHub Check: build
• GitHub Check: Lint & Format

🔇 Additional comments (1)

.github/workflows/publish-release.yml (1)

30-39: LGTM. Correct fix for the yarn auth issue.

The addition of GITHUB_TOKEN to the step's environment aligns with the failure root cause and follows the established pattern (see the "Finalize Release" step using NPM_TOKEN similarly). Two tokens serve different purposes here: the app-token is passed as an input parameter for the action's own API calls, while GITHUB_TOKEN in the environment enables yarn to authenticate to the GitHub npm registry during build.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.56%. Comparing base (3959124) to head (ff135e5).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #54   +/-   ##
=======================================
  Coverage   69.56%   69.56%           
=======================================
  Files          13       13           
  Lines         253      253           
  Branches       28       28           
=======================================
  Hits          176      176           
  Misses         73       73           
  Partials        4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.