Add npm-publish workflow for Node.js package

[TonyCasey]

This workflow runs tests and publishes a Node.js package to GitHub Packages upon release creation.

Summary by CodeRabbit

• Chores
  • Automated build, testing, and package publishing workflows on release creation to streamline the release process and ensure code quality.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow was added to automate Node.js package building, testing, and npm publishing on release creation. The workflow runs a build job that executes npm ci and npm test, followed by a publish-npm job that publishes the package to npm using a stored token.

Changes

Cohort / File(s)	Summary
GitHub Actions npm Publish Workflow .github/workflows/npm-publish.yml	New workflow file that defines a two-job pipeline: a build job running npm ci and npm test on Node.js 20, and a publish-npm job that depends on build and publishes to npm registry using NODE_AUTH_TOKEN secret.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: add semantic-release for automatic versioning #50: Modifies the same .github/workflows/npm-publish.yml workflow, potentially replacing or removing the newly added npm-publish workflow for semantic-release integration.
• fix(ci): add fetch-depth to release workflows lisa#200: Updates the checkout step in .github/workflows/npm-publish.yml with fetch-depth: 0 to ensure full git history access, directly affecting the workflow defined in this PR.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch TonyCasey-patch-1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds a new GitHub Actions workflow (npm-publish.yml) that is triggered on release creation and is intended to run tests and publish the package. However, the workflow has several critical issues including a mismatch between the PR description (which mentions GitHub Packages) and the actual registry configuration (npmjs.org), a missing build step that would cause publishing to fail, and redundancy with the existing semantic-release automation already in place.

Changes:

• Added npm-publish.yml workflow with build and publish-npm jobs triggered on release creation
• Workflow runs tests in build job, then publishes to npm registry in publish-npm job

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The CI workflow includes "cache: 'npm'" in the setup-node action (.github/workflows/ci.yml:21) to speed up dependency installation. This workflow should include the same caching configuration for consistency and improved performance.

[Copilot]

The release-on-merge workflow includes specific permissions configuration for npm publishing (.github/workflows/release-on-merge.yml:16-20), including "id-token: write" for npm provenance. This workflow should include similar permissions, particularly "id-token: write" if publishing with provenance is desired, or at minimum document why different permissions are appropriate.

[Copilot]

The PR description states this workflow publishes to "GitHub Packages", but the registry URL points to npmjs.org (the public npm registry). If the intent is to publish to GitHub Packages, the registry URL should be "https://npm.pkg.github.com/" instead. If publishing to the public npm registry is intended, the PR description should be updated to reflect this.

[Copilot]

This workflow specifies Node.js version 20, but the existing CI workflow (.github/workflows/ci.yml:20) and release-on-merge workflow (.github/workflows/release-on-merge.yml:31) both use Node.js version 22. For consistency and to ensure the build environment matches other workflows, this should be updated to version 22.

[Copilot]

This workflow specifies Node.js version 20, but the existing CI workflow (.github/workflows/ci.yml:20) and release-on-merge workflow (.github/workflows/release-on-merge.yml:31) both use Node.js version 22. For consistency and to ensure the build environment matches other workflows, this should be updated to version 22.

[Copilot]

The publish job is missing a build step before running npm publish. The package.json specifies "files": ["dist"], meaning only the dist directory is published. Without running "npm run build" first (as done in .github/workflows/ci.yml:26-27 and .github/workflows/release-on-merge.yml:37-38), the dist directory will not exist or will be out of date, causing the publish to fail or publish stale code.

Suggested change

	- run: npm ci
	- run: npm ci
	- run: npm run build

[Copilot]

The existing release-on-merge.yml workflow already handles automated npm publishing via semantic-release on every push to main (.github/workflows/release-on-merge.yml:43-48). This creates a duplicate publishing mechanism that could cause conflicts. Consider whether this workflow is necessary, or if it serves a different purpose than the existing automated release process. If both are needed, clarify the distinct use cases in comments.

[Copilot]

The CI workflow includes "cache: 'npm'" in the setup-node action (.github/workflows/ci.yml:21) to speed up dependency installation. This workflow should include the same caching configuration for consistency and improved performance.