Config: Add reusable npm publish workflow (callable across package repos)

[PetarStoev02]

Context

Several repos in the org publish to npm (ui, registry, cli, config itself). Each currently has — or will have — its own publish workflow, which means drift over time. A single reusable GitHub Actions workflow in this repo, called via workflow_call, keeps the publish flow consistent and easy to evolve.

What to build

Create .github/workflows/publish-npm.yml as a reusable workflow (on: workflow_call) that:

• Accepts inputs: package-path (default .), node-version (default 20), dist-tag (default latest)
• Accepts secrets: NPM_TOKEN
• Runs: install → build → test → publish
• Uses provenance (--provenance flag on npm publish) for supply-chain attestation
• Posts a comment on the triggering PR / release with the published version

Wire one consumer repo (recommend registry) to the new reusable workflow as an example.

Acceptance criteria

• Reusable workflow exists in this repo and is documented
• At least one consumer repo successfully publishes via it
• Provenance is included on the published artifact
• Workflow handles both manual triggers and release-tag triggers
• Failure modes (test failure, npm auth failure) produce clear logs

Pointers

• Related: config Add reusable GitHub Actions workflows #2 (Reusable GitHub Actions workflows — this is one concrete instance of it)
• Reference: GitHub docs on reusable workflows + npm provenance

Complexity

🟡 Intermediate