revert back to use regular flow instead of composite#251
Conversation
There was a problem hiding this comment.
Pull request overview
Reverts the npm publish GitHub Action from a composite action back to an inline “regular” Node/npm workflow for building and publishing on release.
Changes:
- Add explicit Node.js setup via
actions/setup-node. - Install dependencies and build the package before publishing.
- Replace the composite
npm-publishaction withnpm run publish.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| node-version: "24" | ||
| registry-url: "https://registry.npmjs.org" |
There was a problem hiding this comment.
node-version: "24" is inconsistent with the versions exercised in CI (18.x/20.x in .github/workflows/ci.yml) and may cause publish-only build failures or dependency incompatibilities. Consider pinning to a tested LTS line (e.g., 20.x) or using lts/*/an engines-derived version so the publish workflow matches the supported runtime.
| - name: Build package | ||
| run: npm run package | ||
|
|
||
| - name: Publish to npm |
There was a problem hiding this comment.
The publish step runs npm run publish but the workflow does not provide any npm authentication (e.g., NODE_AUTH_TOKEN from a repo/org secret) or an explicit npm trusted-publishing/provenance setup. On a standard GitHub runner this will fail with an auth error when npm publish is executed; please wire in the intended auth mechanism.
| - name: Publish to npm | |
| - name: Publish to npm | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
No description provided.