feat: prepare OIDC trusted publishers by removing NPM_TOKEN

.github/workflows/rn-publish.yml

@@ -111,25 +111,6 @@ jobs:
           console.log('Packed package manifest has no workspace: dependencies.');
           NODE
 
-      # DELETE AFTER FIRST PUBLISH: START
-      # This bootstrap-only auth check supports the first publish before npm
-      # Trusted Publishing/OIDC can be configured for the package. Once the
-      # package exists on npm and Trusted Publishing is configured for this
-      # workflow/environment, delete this whole step.
-      - name: Print npm auth mode
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        run: |
-          set -euo pipefail
-          if [ -n "${NPM_TOKEN:-}" ]; then
-            echo "::notice::NPM_TOKEN is present — bootstrap/token publish path will be used."
-            pnpm whoami
-          else
-            echo "::notice::NPM_TOKEN is not present — relying on npm trusted publishing/OIDC."
-          fi
-      # DELETE AFTER FIRST PUBLISH: END
-
       - name: Publish to npm
         run: |
           set -euo pipefail
@@ -138,12 +119,4 @@ jobs:
         env:
           NPM_TAG: ${{ steps.release.outputs.npm_tag }}
           NPM_CONFIG_PROVENANCE: "true"
-          # DELETE AFTER FIRST PUBLISH: START
-          # These token env vars bootstrap the first publish. After npm Trusted
-          # Publishing/OIDC is configured for this package/workflow/environment,
-          # replace both values with empty strings (or delete both lines) so npm
-          # uses OIDC instead of a long-lived token.
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-          # DELETE AFTER FIRST PUBLISH: END