Implement GitHub release step in CI workflow

[bourgeoa]

Added GitHub release step to CI workflow for automatic versioning and release creation.

[Copilot]

Pull request overview

Adds an automated GitHub Release creation job to the existing CI workflow, intended to create (or reuse) a vX.Y.Z tag/release from the package.json version after a successful publish to npm on pushes to main.

Changes:

• Introduces a new github-release job that runs after npm-publish-latest on push to main.
• Computes a release tag from package.json and uses gh release to create the release (skipping if it already exists).
• Handles both “tag already exists” and “tag missing” cases when creating the release.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The release_tag step writes an output (tag=...) but that output is never consumed; the tag is recomputed again in the next step. Either reference steps.release_tag.outputs.tag in the release creation step, or remove this step to avoid duplication/confusion.

[Copilot]

TAG is derived from package.json again here instead of using the previously computed output. This duplication increases the chance of the tag computation drifting over time (e.g., if the version source changes). Prefer using the earlier computed value consistently.

Suggested change

	TAG="v$(node -p "require('./package.json').version")"
	TAG="${{ steps.release_tag.outputs.tag }}"

[Copilot]

actions/checkout is referenced by a mutable major tag (@v6). For stronger supply-chain security and reproducibility, pin this action to a specific commit SHA (or at least a well-known stable major used elsewhere in the org) rather than a floating major tag.

Suggested change

	- uses: actions/checkout@v6
	- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.2