chore: ensure github-actions detection by npm can work (#5842)

https://coveord.atlassian.net/browse/KIT-4720
and + some for Quantic, just playin' safe.

Fix-it-twice maybe in vercel/turborepo#10740

Author: louis-bompart

turbo.json

@@ -73,7 +73,12 @@
     },
     "release:phase3": {
       "dependsOn": ["^release:phase3"],
-      "env": ["NODE_AUTH_TOKEN", "NPM_CONFIG_USERCONFIG"],
+      "env": [
+        "NODE_AUTH_TOKEN",
+        "NPM_CONFIG_USERCONFIG",
+        "ACTIONS_ID_TOKEN_REQUEST_URL",
+        "ACTIONS_ID_TOKEN_REQUEST_TOKEN"
+      ],
       "cache": false
     }
   },
@@ -91,5 +96,6 @@
     "PR_NUMBER",
     "NODE_ENV",
     "CI"
-  ]
+  ],
+  "globalPassThroughEnv": ["GITHUB_*", "RUNNER_*", "SFDX_*"]
 }

utils/ci/npm-publish-package.mjs

@@ -27,9 +27,6 @@ async function isPublished(name, version, tag = version) {
 
 const isPrerelease = process.env.IS_PRERELEASE === 'true';
 const tagSuffix = process.env.TAG_SUFFIX || '';
-const shouldProvideProvenance =
-  !isPrerelease &&
-  process.env.npm_config_registry !== 'https://npm.pkg.github.com';
 /** @type {import('@npmcli/package-json').PackageJson} */
 const {name, version} = JSON.parse(
   readFileSync('package.json', {encoding: 'utf-8'})
@@ -43,7 +40,7 @@ if (!(await isPublished(name, version))) {
     : 'beta';
   await npmPublish('.', {
     tag: tagToPublish,
-    provenance: shouldProvideProvenance,
+    provenance: true,
   });
 } else {
   console.log(`Version ${version} is already published.`);