Fix release workflow #1491

Merged
nscuro merged 1 commit into DependencyTrack:master from nscuro:fix-release-workflow
Apr 3, 2026

nscuro (Member) commented Apr 3, 2026

Description

Fixes release workflow.

It turns out that creating a draft release doesn't trigger a `release: created` event. Instead, we need to push a tag, which then fires the `push: tags` event.

For this to work, the push must be performed with a non-default PAT. A BOT_RELEASE_GITHUB_TOKEN secret has been created with minimal privileges, and scoped to this repository.

Note that tags were previously created implicitly when creating the GitHub release.

Addressed Issue

N/A

Additional Details

N/A

Checklist

It turns out that creating a draft release doesn't trigger a `release: created` event. Instead, we need to push a tag, which then fires the `push: tags` event.

For this to work, the push must be performed with a non-default PAT. A BOT_RELEASE_GITHUB_TOKEN secret has been created with minimal privileges, and scoped to this repository.

Note that tags were previously created implicitly when creating the GitHub release.

Signed-off-by: nscuro <nscuro@protonmail.com>

nscuro added the backport/4.14.1 label (PRs to be backported to version 4.14.1) Apr 3, 2026
Copilot AI review requested due to automatic review settings April 3, 2026 16:23
@owasp-dt-bot

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

Copilot AI left a comment

Pull request overview

Updates the release/publish GitHub Actions workflows so that publishing is triggered by pushing a version tag (instead of relying on a `release: created` event), and ensures the tag push is performed with a non-default bot PAT.

Changes:

  • Update the publish workflow trigger from `release: created` to `push` on version tags.
  • Adjust the release workflow to create a version tag via `npm version` (no `v` prefix), push the tag, and use BOT_RELEASE_GITHUB_TOKEN for authenticated operations.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
|---|---|
| .github/workflows/ci-release.yaml | Uses bot PAT for checkout + GitHub release creation; ensures npm version produces a numeric tag and pushes it. |
| .github/workflows/ci-publish.yaml | Switches publish trigger to push events for numeric tags to align with tag-based release flow. |

@nscuro nscuro merged commit f445f69 into DependencyTrack:master Apr 3, 2026
11 checks passed
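
An added sketch of the tag-driven flow this PR describes, shown as two workflow files in one block; it is not the repository's actual workflow content. Only BOT_RELEASE_GITHUB_TOKEN, the prefix-free `npm version` tag and the push-on-tag trigger come from the thread; the workflow names, the `version` input, the bot git identity, the tag pattern and the publish step are assumptions.

```yaml
# --- release workflow (sketch; name, input and step layout are assumptions) ---
name: Release
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version to release, without a "v" prefix
        required: true
permissions:
  contents: read   # default GITHUB_TOKEN stays read-only; writes go through the bot PAT
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # The credential stored by checkout is the one `git push` uses later.
          # Pushes made with the default GITHUB_TOKEN do not start other workflows.
          token: ${{ secrets.BOT_RELEASE_GITHUB_TOKEN }}
      - name: Create and push version tag
        env:
          VERSION: ${{ inputs.version }}   # passed via env, not interpolated into the script
        run: |
          git config user.name "release-bot"                   # placeholder identity
          git config user.email "release-bot@example.invalid"  # placeholder identity
          npm version "$VERSION" --tag-version-prefix=""       # tag "1.2.3", not "v1.2.3"
          git push origin "refs/tags/$VERSION"
      - name: Create draft release for the existing tag
        env:
          GH_TOKEN: ${{ secrets.BOT_RELEASE_GITHUB_TOKEN }}
          VERSION: ${{ inputs.version }}
        run: gh release create "$VERSION" --draft --verify-tag --generate-notes
---
# --- publish workflow (sketch; tag pattern is an assumption) ---
name: Publish
on:
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'   # numeric version tags only
permissions:
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "Publishing ${GITHUB_REF_NAME}"   # stand-in for the real build and publish steps
```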