Fix trusted publishing repository metadata

[sorenbs]

Summary

• set package.json repository.url to https://github.com/prisma/studio
• document why the field must match the trusted publishing provenance repository

Why

The @prisma/studio-core@0.28.0 publish workflow built and passed export validation, but npm rejected trusted publishing provenance because package.json did not include a matching repository URL.

Validation

• pnpm release:prepare
• git diff --check

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: d240f27e-3559-4980-a4c2-b96dbd037028

📥 Commits

Reviewing files that changed from the base of the PR and between 3a29ef4 and 364ebd0.

📒 Files selected for processing (2)

• RELEASE.md
• package.json

---

Summary by CodeRabbit

• Documentation

  • Clarified trusted publishing setup requirements in release documentation, emphasizing that the repository URL in package metadata must be maintained and correctly configured, as npm validates this information against GitHub Actions provenance bundles during the publication process.

• Chores

  • Added repository metadata to the package configuration, properly specifying the git type and GitHub repository URL to support trusted publishing workflows.

Walkthrough

This PR adds repository metadata to package.json and documents the requirement in RELEASE.md. The change specifies the git repository type and the GitHub repository URL for Prisma Studio. The release documentation clarifies that this field must remain set correctly because npm validates the package metadata against the GitHub Actions provenance bundle during the trusted publishing workflow.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Fix trusted publishing repository metadata' clearly and concisely summarizes the main change: updating package.json repository metadata to fix trusted publishing validation.
Description check	✅ Passed	The description directly explains the changes (setting repository.url, documenting the requirement) and provides the context for why they were needed (npm rejection of trusted publishing provenance).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/fix-trusted-publishing-metadata

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch codex/fix-trusted-publishing-metadata

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Compute preview deployed.

Branch: codex/fix-trusted-publishing-metadata
Service: codex-fix-trusted-publishing-metadata
Preview: https://cmpz8fbhy0sirfbxof56ol1e8.cdg.prisma.build
Version: https://cv-9ab6fda88c09.cdg.prisma.build