fix: fix npm release workflow and auth configuration

- Define workflow triggers and global permissions to enable OIDC-based authentication.
- Specify the NPM registry URL in the Node.js setup to authorize the publishing process.
- Enable provenance and public access flags to satisfy security and publishing requirements.

Author: orange-guo

.github/workflows/release.yml

@@ -1,18 +1,28 @@
+name: Release
+
+# 1. 触发条件配置 (必须修复这里)
+on:
+  push:
+    branches:
+      - main  # 当推送到 main 分支时触发
+
+# 2. 权限配置 (OIDC 必须)
+permissions:
+  contents: read
+  id-token: write 
+
 jobs:
   publish:
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write # OIDC 必须权限
-
     steps:
       - uses: actions/checkout@v4
 
+      # 3. 环境配置 (修复 ENEEDAUTH 认证错误)
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
           node-version: '20'
-          # 👇 关键修正 1：添加这行，让 Action 自动配置 .npmrc 认证
+          # 必须指定 registry-url，setup-node 才会生成带 Auth 的 .npmrc
           registry-url: 'https://registry.npmjs.org'
 
       - name: Install dependencies
@@ -21,10 +31,11 @@ jobs:
       - name: Build project
         run: yarn build
 
+      # 4. 发布命令 (开启 Provenance)
       - name: Publish to NPM
         env:
-          # 这一步会读取 Setup Node.js 生成的 .npmrc 配置
+          # 读取 GitHub Secrets 中的 Token
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        # 👇 关键修正 2：添加 --provenance 参数
-        # 同时添加 --access public 确保包是公开的（OIDC 目前主要支持公开包）
+        # --provenance: 生成来源证明
+        # --access public: 确保发布为公开包
         run: npm publish --provenance --access public