Add GitHub Actions workflow for npm package publishing

[Kelleretoro]

This workflow runs tests and publishes a Node.js package to GitHub Packages upon release creation.

[Copilot]

Pull request overview

This PR adds a GitHub Actions workflow for automating npm package publishing to GitHub Packages when a release is created. The workflow includes a build job that runs tests and a publish job that publishes the package to GitHub Packages using the GITHUB_TOKEN for authentication.

Key Changes:

• Added workflow triggered on release creation
• Configured two jobs: build (runs tests) and publish-gpr (publishes to GitHub Packages)
• Set up proper permissions for package publishing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The npm publish step will fail without proper package.json configuration for GitHub Packages. For successful publishing to GitHub Packages, the package.json file must include:

1. A scoped package name in the format @owner/package-name (e.g., "name": "@your-username/your-package")
2. A repository field pointing to this GitHub repository
3. Optionally, a publishConfig section specifying the registry:

   "publishConfig": {
     "registry": "https://npm.pkg.github.com"
   }

Without these configurations, the publish step will either fail or attempt to publish to the public npm registry instead of GitHub Packages.

Suggested change

	- run: npm ci
	- run: npm ci
	- name: Ensure package.json is configured for GitHub Packages
	run: |
	OWNER=$(echo "${GITHUB_REPOSITORY}" | cut -d'/' -f1)
	REPO=$(echo "${GITHUB_REPOSITORY}" | cut -d'/' -f2)
	PACKAGE_NAME=$(jq -r '.name' package.json)
	# Ensure scoped package name
	if [[ "$PACKAGE_NAME" != "@$OWNER/"* ]]; then
	jq --arg owner "$OWNER" --arg name "$PACKAGE_NAME" '.name = "@" + $owner + "/" + $name' package.json > package.tmp.json && mv package.tmp.json package.json
	fi
	# Ensure repository field
	jq --arg repo "github:${GITHUB_REPOSITORY}" '.repository = $repo' package.json > package.tmp.json && mv package.tmp.json package.json
	# Ensure publishConfig.registry
	jq '.publishConfig.registry = "https://npm.pkg.github.com"' package.json > package.tmp.json && mv package.tmp.json package.json

[Copilot]

[nitpick] Consider adding the --access public flag to the npm publish command if you intend to make this package publicly accessible. By default, scoped packages (required for GitHub Packages) are published as private.

If the package should be publicly accessible, update the command to:

- run: npm publish --access public

Note: This assumes the package.json has a scoped name. Without specifying access level, the publish may fail or create a private package depending on your GitHub organization settings.

Suggested change

	- run: npm publish
	- run: npm publish --access public

[Copilot]

The workflow runs npm test but the package.json file (at least in the github-actions/ directory) doesn't define a test script. This will cause the build job to fail with an error like "missing script: test".

Before this workflow can run successfully, ensure that a test script is defined in the package.json file, or remove this step if testing is not required for the publishing workflow.

Suggested change

- run: npm test

[Copilot]

[nitpick] Consider using cache for npm dependencies to speed up the workflow. Both the build and publish-gpr jobs run npm ci, which re-downloads all dependencies each time. You can improve workflow performance by caching the npm dependencies.

Add caching to the actions/setup-node step:

- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'npm'

This will cache the npm dependencies and significantly reduce workflow execution time, especially for projects with many dependencies.

[Copilot]

[nitpick] Consider adding npm dependency caching here as well to speed up the publish job. Add the cache: 'npm' parameter to the actions/setup-node step:

- uses: actions/setup-node@v4
  with:
    node-version: 20
    registry-url: https://npm.pkg.github.com/
    cache: 'npm'

This will reuse the cached dependencies and reduce workflow execution time.

Suggested change

	registry-url: https://npm.pkg.github.com/
	registry-url: https://npm.pkg.github.com/
	cache: 'npm'

[Copilot]

[nitpick] There's a spacing issue in the secret reference. The expression ${{secrets.GITHUB_TOKEN}} should have spaces around the braces for better readability and consistency with GitHub Actions best practices.

Update to:

NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

While the current syntax will work, adding spaces is the recommended style in GitHub Actions documentation.

Suggested change

	NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
	NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

[Copilot]

The workflow runs npm ci and npm test at the repository root, but this repository appears to be a monorepo with multiple example projects in subdirectories (e.g., github-actions/, nodejs/, express/, etc.), and there's no package.json file at the root level.

This will cause the workflow to fail with an error when trying to run npm ci because npm cannot find a package.json file.

Consider one of the following solutions:

1. If you want to publish a specific package, add a working-directory to the workflow steps (e.g., working-directory: ./github-actions)
2. If you want to publish the root as a package, add a package.json file at the repository root
3. If you want to publish multiple packages, consider using a matrix strategy to publish each package separately