@Garbee Garbee commented Nov 27, 2025

The other part that I forgot with deploy. We run on Node 22 by the .nvmrc version, which uses npm@10 as the default version. To use OIDC publishing at all, npm must be at 11.5.1 or higher. So the dual combo of the token being off before combined with this version issue is why deployment was failing.

Closes: #4912

@Garbee Garbee requested a review from a team as a code owner November 27, 2025 13:32
Copilot AI review requested due to automatic review settings November 27, 2025 13:32
Copilot finished reviewing on behalf of Garbee November 27, 2025 13:33

Copilot AI left a comment

Pull request overview

This PR updates the CI deployment workflow to install npm version 11, which is required for OIDC publishing support (npm ≥11.5.1). The change addresses a deployment failure caused by Node 22's default npm@10 being incompatible with OIDC publishing requirements.

  • Adds a new step to install npm@11 globally before project dependencies
  • Applies the npm installation step to both the deploy-next and prod-deploy jobs using YAML anchors

cache: npm
- &install-npm
name: Install npm
run: npm install -g npm@11
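
Review bot: The `Install npm` step has no comment saying why it exists or when it can go. The PR description gives the reason (Node 22 from .nvmrc ships npm@10, and OIDC publishing needs npm 11.5.1 or higher), and the author describes the step as temporary until the move to Node 24, but none of that is recorded next to `run: npm install -g npm@11`. Suggest a YAML comment above the step stating the 11.5.1 minimum and that the step should be dropped once .nvmrc is on Node 24, so it does not outlive its purpose in the two deploy jobs that reuse the `&install-npm` anchor.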

Copilot AI Nov 27, 2025

The version specifier npm@11 installs the latest npm 11.x version, which could lead to non-deterministic builds if future npm 11.x releases introduce changes. Consider pinning to a specific version like npm@11.5.1 (the minimum required version mentioned in the PR description) or a more specific version range to ensure reproducible builds.

Suggested change
run: npm install -g npm@11
run: npm install -g npm@11.5.1

Member Author

npm itself is pretty good with backwards compatibility. We could pin, but is it really providing us much value since this is temporary until we upgrade to node 24 anyways? At that point the 11 series npm will be the default and we won't need this step at all anymore. And, it will be doing exactly what this step is doing. Using the latest version attached to our 24 version.

@straker straker left a comment

I'm inclined to say we update our .nvm file to use node 24. It only enforces the development version of node so if we need node 24 to publish then we should update to it.

dbjorge commented Dec 2, 2025

I'm inclined to say we update our .nvm file to use node 24. It only enforces the development version of node so if we need node 24 to publish then we should update to it.

I agree that I prefer keeping development/testing/publishing on the same versions of package management if possible, and the easiest way to encourage that for local development is to use .nvmrc for it.

That said, if you encounter any issues at all with bumping .nvmrc to 24, I'm also fine with installing npm 11 separately in the short term to get OIDC publishing unblocked.
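
Both routes discussed in this thread (installing npm 11 in a separate step, or moving .nvmrc to Node 24) rest on the same precondition from the PR description: npm 11.5.1 or newer at publish time. A fail-fast guard for that precondition, as an added example that is not part of the pull request; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the pull request; function names are hypothetical.
# 11.5.1 is the minimum npm the PR description gives for OIDC publishing.
MIN_NPM_FOR_OIDC="11.5.1"

# split_version VERSION: print "MAJOR MINOR PATCH", fail if malformed.
# A leading "v" and any prerelease/build suffix are dropped here.
split_version() {
  local core major minor patch extra part
  core="${1#v}"
  core="${core%%[-+]*}"
  IFS=. read -r major minor patch extra <<EOF
$core
EOF
  [ -z "$extra" ] || return 1
  for part in "$major" "$minor" "$patch"; do
    case "$part" in ''|*[!0-9]*) return 1 ;; esac
  done
  echo "$major $minor $patch"
}

# npm_meets_minimum ACTUAL [MINIMUM]   (MINIMUM is expected to be a release version)
# Returns 0 if ACTUAL >= MINIMUM, 1 if it is older, 2 if either is malformed.
npm_meets_minimum() {
  local actual minimum a m pair
  actual="${1%%+*}"                      # build metadata never affects ordering
  minimum="${2:-$MIN_NPM_FOR_OIDC}"
  a=$(split_version "$actual") || return 2
  m=$(split_version "$minimum") || return 2
  set -- $a $m                           # $1..$3 = actual, $4..$6 = minimum
  for pair in "$1:$4" "$2:$5" "$3:$6"; do
    if [ "${pair%:*}" -gt "${pair#*:}" ]; then return 0; fi
    if [ "${pair%:*}" -lt "${pair#*:}" ]; then return 1; fi
  done
  # Same MAJOR.MINOR.PATCH: a prerelease such as 11.5.1-pre.0 sorts below 11.5.1.
  case "$actual" in *-*) return 1 ;; esac
  return 0
}

# require_npm_for_oidc: check the npm on PATH; call it before `npm publish`.
require_npm_for_oidc() {
  local found
  found=$(npm --version 2>/dev/null) || { echo "npm not found" >&2; return 2; }
  npm_meets_minimum "$found" && return 0
  echo "npm $found is older than $MIN_NPM_FOR_OIDC, the minimum for OIDC publishing" >&2
  return 1
}
```

Calling `require_npm_for_oidc || exit 1` in the publish job turns an npm that is too old into an explicit error naming the version, whichever way the job obtains npm.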

Successfully merging this pull request may close these issues.

Update deployment workflow to use OIDC