Skip to content

Add GitHub Actions workflow for npm package publishing #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Kelleretoro wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add GitHub Actions workflow for npm package publishing #15

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions .github/workflows/npm-publish-github-packages.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
# This workflow will run tests using node and then publish a package to GitHub Packages when a release is created
# For more information see: https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages

name: Node.js Package

on:
release:
types: [created]

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
Comment on lines +15 to +17
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Consider using cache for npm dependencies to speed up the workflow. Both the build and publish-gpr jobs run npm ci, which re-downloads all dependencies each time. You can improve workflow performance by caching the npm dependencies.

Add caching to the actions/setup-node step:

- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'npm'

This will cache the npm dependencies and significantly reduce workflow execution time, especially for projects with many dependencies.

Copilot uses AI. Check for mistakes.
- run: npm ci
- run: npm test
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow runs npm test but the package.json file (at least in the github-actions/ directory) doesn't define a test script. This will cause the build job to fail with an error like "missing script: test".

Before this workflow can run successfully, ensure that a test script is defined in the package.json file, or remove this step if testing is not required for the publishing workflow.

Suggested change
- run: npm test

Copilot uses AI. Check for mistakes.
Comment on lines +18 to +19
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow runs npm ci and npm test at the repository root, but this repository appears to be a monorepo with multiple example projects in subdirectories (e.g., github-actions/, nodejs/, express/, etc.), and there's no package.json file at the root level.

This will cause the workflow to fail with an error when trying to run npm ci because npm cannot find a package.json file.

Consider one of the following solutions:

  1. If you want to publish a specific package, add a working-directory to the workflow steps (e.g., working-directory: ./github-actions)
  2. If you want to publish the root as a package, add a package.json file at the repository root
  3. If you want to publish multiple packages, consider using a matrix strategy to publish each package separately

Copilot uses AI. Check for mistakes.

publish-gpr:
needs: build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
registry-url: https://npm.pkg.github.com/
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Consider adding npm dependency caching here as well to speed up the publish job. Add the cache: 'npm' parameter to the actions/setup-node step:

- uses: actions/setup-node@v4
  with:
    node-version: 20
    registry-url: https://npm.pkg.github.com/
    cache: 'npm'

This will reuse the cached dependencies and reduce workflow execution time.

Suggested change
registry-url: https://npm.pkg.github.com/
registry-url: https://npm.pkg.github.com/
cache: 'npm'

Copilot uses AI. Check for mistakes.
- run: npm ci
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The npm publish step will fail without proper package.json configuration for GitHub Packages. For successful publishing to GitHub Packages, the package.json file must include:

  1. A scoped package name in the format @owner/package-name (e.g., "name": "@your-username/your-package")
  2. A repository field pointing to this GitHub repository
  3. Optionally, a publishConfig section specifying the registry: 
    "publishConfig": {
  "registry": "https://npm.pkg.github.com"
}

Without these configurations, the publish step will either fail or attempt to publish to the public npm registry instead of GitHub Packages.

Suggested change
- run: npm ci
- run: npm ci
- name: Ensure package.json is configured for GitHub Packages
run: |
OWNER=$(echo "${GITHUB_REPOSITORY}" | cut -d'/' -f1)
REPO=$(echo "${GITHUB_REPOSITORY}" | cut -d'/' -f2)
PACKAGE_NAME=$(jq -r '.name' package.json)
# Ensure scoped package name
if [[ "$PACKAGE_NAME" != "@$OWNER/"* ]]; then
jq --arg owner "$OWNER" --arg name "$PACKAGE_NAME" '.name = "@" + $owner + "/" + $name' package.json > package.tmp.json && mv package.tmp.json package.json
fi
# Ensure repository field
jq --arg repo "github:${GITHUB_REPOSITORY}" '.repository = $repo' package.json > package.tmp.json && mv package.tmp.json package.json
# Ensure publishConfig.registry
jq '.publishConfig.registry = "https://npm.pkg.github.com"' package.json > package.tmp.json && mv package.tmp.json package.json

Copilot uses AI. Check for mistakes.
- run: npm publish
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] Consider adding the --access public flag to the npm publish command if you intend to make this package publicly accessible. By default, scoped packages (required for GitHub Packages) are published as private.

If the package should be publicly accessible, update the command to:

- run: npm publish --access public

Note: This assumes the package.json has a scoped name. Without specifying access level, the publish may fail or create a private package depending on your GitHub organization settings.

Suggested change
- run: npm publish
- run: npm publish --access public

Copilot uses AI. Check for mistakes.
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
Copy link

Copilot AI Nov 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] There's a spacing issue in the secret reference. The expression ${{secrets.GITHUB_TOKEN}} should have spaces around the braces for better readability and consistency with GitHub Actions best practices.

Update to:

NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

While the current syntax will work, adding spaces is the recommended style in GitHub Actions documentation.

Suggested change
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Copilot uses AI. Check for mistakes.