Pass GitHub app token to remaining release workflows

[rezrah]

Summary

Updates our release CI workflows to use the Primer GitHub app instead of the previous OIDC tokens. This is needed because our Release Tracking PRs are not publishing the RC npm package correctly: #1199

List of notable changes:

• Replaces GITHUB_TOKEN with a token generated from the Primer GitHub app. This has elevated permissions, and will allow other bot actors to publish packages correctly.

Steps to test:

1. GitHub Actions should continue to publish canarys in PRs like this.

Contributor checklist:

• All new and existing CI checks pass
• Tests prove that the feature works and covers both happy and unhappy paths
• Any drop in coverage, breaking changes or regressions have been documented above
• UI Changes contain new visual snapshots (generated by adding update snapshots label to the PR)
• All developer debugging and non-functional logging has been removed
• Related issues have been referenced in the PR description

Reviewer checklist:

• Check that pull request and proposed changes adhere to our contribution guidelines and code of conduct
• Check that tests prove the feature works and covers both happy and unhappy paths
• Check that there aren't other open Pull Requests for the same update/change

Screenshots:

Please try to provide before and after screenshots or videos

Before	After

[changeset-bot]

⚠️ No Changeset found

Latest commit: 05443c2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

🟢 No design token changes found

[rezrah]

This PR is publishing the package using the GitHub app token, so this should also fix the RC now too.

[Copilot]

Pull request overview

This PR updates the release workflow to use GitHub App authentication instead of the default GITHUB_TOKEN for four release jobs. This change addresses an issue where Release Tracking PRs were not correctly publishing RC npm packages.

Key Changes:

• Adds GitHub App token generation step to four jobs: release-next-minor, release-candidate, release-candidate-next-minor, and release-canary
• Replaces secrets.GITHUB_TOKEN with app-generated token in GITHUB_TOKEN environment variable for these jobs

Comments suppressed due to low confidence (1)

.github/workflows/release.yml:11

• The comment 'Required for OIDC' is now misleading since the workflow has been migrated to use GitHub App tokens instead of OIDC tokens. This permission may no longer be necessary and the comment should be updated or removed to reflect the current authentication approach.

  id-token: write # Required for OIDC

---

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

[github-actions]

🟢 No visual differences found

Our visual comparison tests did not find any differences in the UI.