fix(ci): pass github packages publish token

[Jess Sullivan (Jesssullivan)]

Passes the optional GITHUB_PACKAGES_TOKEN through to the reusable Bazel package Publish workflow and updates the reusable workflow pin to the token-override capable revision.

This is the follow-up to the GitHub Packages scope fix: the mirror package names are now @tinyland-inc/*, but existing granular packages can still reject the repo GITHUB_TOKEN with permission_denied: write_package unless the package-admin token is passed.

Tracking: TIN-713

[greptile-apps]

Greptile Summary

This PR updates the pinned SHA of the reusable js-bazel-package.yml workflow to a revision that supports a token override, and passes GITHUB_PACKAGES_TOKEN as an optional secret so existing granular packages under @tinyland-inc/* can be published even when the default GITHUB_TOKEN lacks write_package permission. The change is minimal and correctly scoped.

Confidence Score: 5/5

Safe to merge — minimal, focused change with no logic or security issues.

The only changes are a SHA pin bump on the reusable workflow (expected per PR description) and appending an optional secret passthrough. No logic, no new permissions, and no secrets are exposed. The GITHUB_PACKAGES_TOKEN secret will silently be empty if not configured, which is safe for an optional parameter.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/publish.yml	Updates reusable workflow pin to a new SHA and adds GITHUB_PACKAGES_TOKEN secret passthrough for GitHub Packages publish permission fix.

Sequence Diagram

sequenceDiagram
    participant GHA as GitHub Actions
    participant PW as publish.yml (this repo)
    participant RW as js-bazel-package.yml@c1fbeee (ci-templates)
    participant GHCR as GitHub Packages (GHCR)
    participant NPM as npm Registry

    GHA->>PW: release published / workflow_dispatch
    PW->>RW: uses (SHA-pinned)
    PW-->>RW: secrets.NPM_TOKEN
    PW-->>RW: secrets.GITHUB_PACKAGES_TOKEN (new)
    RW->>GHCR: publish @tinyland-inc/tinyland-user-resolution (uses GITHUB_PACKAGES_TOKEN if set)
    RW->>NPM: publish (uses NPM_TOKEN)

Loading

_{Reviews (2): Last reviewed commit: "fix(ci): pass github packages publish to..." | Re-trigger Greptile}

[greptile-apps]

Missing newline at end of file

The file is missing a trailing newline. Most editors and POSIX tools expect files to end with a newline, and the diff explicitly marks this with \ No newline at end of file.

Suggested change

	GITHUB_PACKAGES_TOKEN: ${{ secrets.GITHUB_PACKAGES_TOKEN }}
	GITHUB_PACKAGES_TOKEN: ${{ secrets.GITHUB_PACKAGES_TOKEN }}