Skip to content

Add npm-publish workflow for Node.js package #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
TonyCasey merged 1 commit into from
Feb 16, 2026
Merged

Add npm-publish workflow for Node.js package #85

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions .github/workflows/npm-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages

name: Node.js Package

on:
release:
types: [created]

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow specifies Node.js version 20, but the existing CI workflow (.github/workflows/ci.yml:20) and release-on-merge workflow (.github/workflows/release-on-merge.yml:31) both use Node.js version 22. For consistency and to ensure the build environment matches other workflows, this should be updated to version 22.

Copilot uses AI. Check for mistakes.
Comment on lines +15 to +17
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CI workflow includes "cache: 'npm'" in the setup-node action (.github/workflows/ci.yml:21) to speed up dependency installation. This workflow should include the same caching configuration for consistency and improved performance.

Copilot uses AI. Check for mistakes.
- run: npm ci
- run: npm test

publish-npm:
needs: build
runs-on: ubuntu-latest
Comment on lines +21 to +23
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The release-on-merge workflow includes specific permissions configuration for npm publishing (.github/workflows/release-on-merge.yml:16-20), including "id-token: write" for npm provenance. This workflow should include similar permissions, particularly "id-token: write" if publishing with provenance is desired, or at minimum document why different permissions are appropriate.

Copilot uses AI. Check for mistakes.
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
Comment on lines +26 to +28
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The CI workflow includes "cache: 'npm'" in the setup-node action (.github/workflows/ci.yml:21) to speed up dependency installation. This workflow should include the same caching configuration for consistency and improved performance.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow specifies Node.js version 20, but the existing CI workflow (.github/workflows/ci.yml:20) and release-on-merge workflow (.github/workflows/release-on-merge.yml:31) both use Node.js version 22. For consistency and to ensure the build environment matches other workflows, this should be updated to version 22.

Copilot uses AI. Check for mistakes.
registry-url: https://registry.npmjs.org/
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description states this workflow publishes to "GitHub Packages", but the registry URL points to npmjs.org (the public npm registry). If the intent is to publish to GitHub Packages, the registry URL should be "https://npm.pkg.github.com/" instead. If publishing to the public npm registry is intended, the PR description should be updated to reflect this.

Copilot uses AI. Check for mistakes.
- run: npm ci
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The publish job is missing a build step before running npm publish. The package.json specifies "files": ["dist"], meaning only the dist directory is published. Without running "npm run build" first (as done in .github/workflows/ci.yml:26-27 and .github/workflows/release-on-merge.yml:37-38), the dist directory will not exist or will be out of date, causing the publish to fail or publish stale code.

Suggested change
- run: npm ci
- run: npm ci
- run: npm run build

Copilot uses AI. Check for mistakes.
- run: npm publish
env:
NODE_AUTH_TOKEN: ${{secrets.npm_token}}
Comment on lines +1 to +33
Copy link

Copilot AI Feb 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The existing release-on-merge.yml workflow already handles automated npm publishing via semantic-release on every push to main (.github/workflows/release-on-merge.yml:43-48). This creates a duplicate publishing mechanism that could cause conflicts. Consider whether this workflow is necessary, or if it serves a different purpose than the existing automated release process. If both are needed, clarify the distinct use cases in comments.

Copilot uses AI. Check for mistakes.