If `publish: true` is not set, then the release intergration workflow
falls back to running `npm view $SPEC` which will error if the package
has not been published. This tags the CODEOWNERS in the release issue so
we know something went wrong.

This doesn't have much use now that we are moving everything to
`publish: true` but it would have caught a missing publish last week
that I missed on `@npmcli/fs`:
https://github.com/npm/fs/actions/runs/8946801618/job/24577963034#step:7:4

The `RELEASES` env var was only being set for the publish step, not the
check if published step.

Co-authored-by: Julian Møller Ellehauge <git@jumoel.com>

Co-authored-by: Julian Møller Ellehauge <git@jumoel.com>

Bumps [release-please](https://github.com/googleapis/release-please)
from 16.10.2 to 16.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/release-please/releases">release-please's
releases</a>.</em></p>
<blockquote>
<h2>v16.12.0</h2>
<h2><a
href="https://github.com/googleapis/release-please/compare/v16.11.0...v16.12.0">16.12.0</a>
(2024-06-06)</h2>
<h3>Features</h3>
<ul>
<li>issue a combined PR comment for all releases (<a
href="https://redirect.github.com/googleapis/release-please/issues/2286">#2286</a>)
(<a
href="https://github.com/googleapis/release-please/commit/719fdf565e9f92694e7e38edee1eadcd62334681">719fdf5</a>),
closes <a
href="https://redirect.github.com/googleapis/release-please/issues/2285">#2285</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>node:</strong> do not update versions of packages installed
using a protocol (<a
href="https://redirect.github.com/googleapis/release-please/issues/2281">#2281</a>)
(<a
href="https://github.com/googleapis/release-please/commit/eeb14111849aefa7024f754121f2c05a4e9ab1ea">eeb1411</a>),
closes <a
href="https://redirect.github.com/googleapis/release-please/issues/2173">#2173</a></li>
</ul>
<h2>v16.11.0</h2>
<h2><a
href="https://github.com/googleapis/release-please/compare/v16.10.2...v16.11.0">16.11.0</a>
(2024-06-06)</h2>
<h3>Features</h3>
<ul>
<li><strong>php-yoshi:</strong> support BEGIN_VERSION_OVERRIDE in
php-yoshi (<a
href="https://redirect.github.com/googleapis/release-please/issues/2300">#2300</a>)
(<a
href="https://github.com/googleapis/release-please/commit/b9d454470053866d1c89ee30110d23f1818dee60">b9d4544</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/release-please/blob/main/CHANGELOG.md">release-please's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/release-please/compare/v16.11.0...v16.12.0">16.12.0</a>
(2024-06-06)</h2>
<h3>Features</h3>
<ul>
<li>issue a combined PR comment for all releases (<a
href="https://redirect.github.com/googleapis/release-please/issues/2286">#2286</a>)
(<a
href="https://github.com/googleapis/release-please/commit/719fdf565e9f92694e7e38edee1eadcd62334681">719fdf5</a>),
closes <a
href="https://redirect.github.com/googleapis/release-please/issues/2285">#2285</a></li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>node:</strong> do not update versions of packages installed
using a protocol (<a
href="https://redirect.github.com/googleapis/release-please/issues/2281">#2281</a>)
(<a
href="https://github.com/googleapis/release-please/commit/eeb14111849aefa7024f754121f2c05a4e9ab1ea">eeb1411</a>),
closes <a
href="https://redirect.github.com/googleapis/release-please/issues/2173">#2173</a></li>
</ul>
<h2><a
href="https://github.com/googleapis/release-please/compare/v16.10.2...v16.11.0">16.11.0</a>
(2024-06-06)</h2>
<h3>Features</h3>
<ul>
<li><strong>php-yoshi:</strong> support BEGIN_VERSION_OVERRIDE in
php-yoshi (<a
href="https://redirect.github.com/googleapis/release-please/issues/2300">#2300</a>)
(<a
href="https://github.com/googleapis/release-please/commit/b9d454470053866d1c89ee30110d23f1818dee60">b9d4544</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/release-please/commit/3895d8987cf194cb33a13b725a8380071917322f"><code>3895d89</code></a>
chore(main): release 16.12.0 (<a
href="https://redirect.github.com/googleapis/release-please/issues/2303">#2303</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/719fdf565e9f92694e7e38edee1eadcd62334681"><code>719fdf5</code></a>
feat: issue a combined PR comment for all releases (<a
href="https://redirect.github.com/googleapis/release-please/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/eeb14111849aefa7024f754121f2c05a4e9ab1ea"><code>eeb1411</code></a>
fix(node): do not update versions of packages installed using a protocol
(<a
href="https://redirect.github.com/googleapis/release-please/issues/2281">#2281</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/39adf7447f327113b72e13478cac5acbf56089d0"><code>39adf74</code></a>
chore(main): release 16.11.0 (<a
href="https://redirect.github.com/googleapis/release-please/issues/2302">#2302</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/b9d454470053866d1c89ee30110d23f1818dee60"><code>b9d4544</code></a>
feat(php-yoshi): support BEGIN_VERSION_OVERRIDE in php-yoshi (<a
href="https://redirect.github.com/googleapis/release-please/issues/2300">#2300</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/4a26987ebc82dbac895fa93ced695a2856517aba"><code>4a26987</code></a>
chore(deps): update dependency sinon to v18 (<a
href="https://redirect.github.com/googleapis/release-please/issues/2293">#2293</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/3d6f6acfa0d25307f21f44cab633559ebfcc2968"><code>3d6f6ac</code></a>
chore(deps): update dependency <code>@​types/sinon</code> to v17 (<a
href="https://redirect.github.com/googleapis/release-please/issues/2292">#2292</a>)</li>
<li><a
href="https://github.com/googleapis/release-please/commit/656b9a9ad1ec77853d16ae1f40e63c4da1e12f0f"><code>656b9a9</code></a>
ci: use correct release-please-action domain after organization url was
chang...</li>
<li><a
href="https://github.com/googleapis/release-please/commit/cb106cd0b5ae5c3e2a3b015487dc615eba72b842"><code>cb106cd</code></a>
docs: tweak typo in the spelling of release (<a
href="https://redirect.github.com/googleapis/release-please/issues/2273">#2273</a>)</li>
<li>See full diff in <a
href="https://github.com/googleapis/release-please/compare/v16.10.2...v16.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=release-please&package-manager=npm_and_yarn&previous-version=16.10.2&new-version=16.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Gar <gar+gh@danger.computer>

🤖 I have created a release *beep* *boop*
---


##
[4.23.0](v4.22.0...v4.23.0)
(2024-06-27)

### Features

*
[`60ee94f`](60ee94f)
[#447](#447) add prettier
support (@lukekarrys, @jumoel)

### Bug Fixes

*
[`b35bca5`](b35bca5)
[#447](#447) run prettier
(@lukekarrys)
*
[`8aef509`](8aef509)
[#446](#446) dont conclude
checks if they were never set (#446) (@lukekarrys)
*
[`9440c4f`](9440c4f)
[#444](#444) pass releases to
publish check (#444) (@lukekarrys)

### Dependencies

*
[`8252fb2`](8252fb2)
[#452](#452) bump release-please
from 16.10.2 to 16.12.0 (#452) (@dependabot[bot], @wraithgar)

### Chores

*
[`b07d17a`](b07d17a)
[#448](#448) add
.git-blame-ignore-revs for initial prettier (#448) (@lukekarrys)
*
[`210247e`](210247e)
[#447](#447) add prettier:true
to template-oss config (@lukekarrys, @jumoel)
*
[`1a073e4`](1a073e4)
[#443](#443) bump
@npmcli/template-oss to 4.22.0 (@lukekarrys)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

<!-- What / Why -->
<!-- Describe the request in detail. What it does and why it's being
changed. -->

`steps.metadata.outputs.directory` is set to `/main`, not `/`, when
`package.json` is at the root of the repository. I suspect adding
`target-branch` to `dependabot.yml` (#330) added a `main` segment to
Dependabot PR branch names, which changed the value of
`steps.metadata.outputs.directory`.

By fixing this issue, we shouldn't need to routinely use stafftools to
fix up template-oss Dependabot PRs. 🤞🏼

I couldn't quickly find a `bump @npmcli/template-oss` Dependabot PR for
a workspace to inspect `steps.metadata.outputs.directory` and fix
workspaces support. If that's important, we may want to either enable
Dependabot for `npm/cli` or create a separate `template-oss-test` repo.
It's not clear if Dependabot will create a PR for
`workspace/test-workspace` upon our next release.

### Example Dependabot PR branch names

The first PR updates just `@npmcli/template-oss`. The second updates
multiple dependencies including `@npmcli/template-oss`.

PR | branch name | segments | steps.metadata.outputs.directory
-|-|-|-
npm/agent#110 |
`dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0` | 5 | `/main`
npm/statusboard#877 |
`dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf` | 4 | `/`

## References
<!-- Examples:
  Related to #0
  Depends on #0
  Blocked by #0
  Fixes #0
  Closes #0
-->

Failed "Post Dependabot" run:
https://github.com/npm/agent/actions/runs/9963674341/job/27530225303

Fix manually tested here:
npm/agent@ef85b08


[branchNameToDirectoryName](https://github.com/dependabot/fetch-metadata/blob/ffa2dc8ffecf17d26f6a81b83f9ef5edd33ba93a/src/dependabot/update_metadata.ts#L31)

Bug report: dependabot/fetch-metadata#540

🤖 I have created a release *beep* *boop*
---


##
[4.23.1](v4.23.0...v4.23.1)
(2024-07-17)

### Bug Fixes

*
[`ca47705`](ca47705)
[#462](#462) Use
`include-workspace-root` for `/main` in Post Dependabot (#462)
(@hashtagchris)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

v3 uses a newer nodejs image

<!-- What / Why -->
<!-- Describe the request in detail. What it does and why it's being
changed. -->

Our breaking change footers related to engine changes are often >100
characters, resulting in commitlint CI failures.

<!-- Examples:
  Related to #0
  Depends on #0
  Blocked by #0
  Fixes #0
  Closes #0
-->

Example CI failure:
https://github.com/npm/ssri/actions/runs/10169599799/job/28126863705#step:7:12

Associated PR: npm/ssri#137

🤖 I have created a release *beep* *boop*
---


##
[4.23.2](v4.23.1...v4.23.2)
(2024-08-13)

### Bug Fixes

*
[`fa37073`](fa37073)
[#469](#469) proper workspace
tap config for tap18 and up (@wraithgar)
*
[`6a2200d`](6a2200d)
[#465](#465) omit nyc config for
all tap versions above 18 (#465) (@wraithgar)
*
[`6ee703d`](6ee703d)
Don't restrict length for commit message footer (#467) (@hashtagchris)
*
[`87d3ed9`](87d3ed9)
[#466](#466) update codeql
runner version (#466) (@wraithgar)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

release-please will re-inject the entire changelog when looking
for the existing dependencies section in some cases. Have multiple
newlines between sections of the changelog triggers that behavior
because it looks for lines that do no start with '*' but it does
not account for empty lines

🤖 I have created a release *beep* *boop*
---


##
[4.23.3](v4.23.2...v4.23.3)
(2024-08-26)
### Bug Fixes
*
[`a102a8b`](a102a8b)
[#471](#471) no duplicate
changelog entries (#471) (@lukekarrys)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>