Update Node.js version requirements for release automation

[stiwicourage]

Summary

• Fix release automation around the prerelease handoff and PowerShell Gallery publishing.
  • Update-NovaModuleVersion -ContinuousIntegration now falls back to a patch bump when HEAD already matches the
    latest tag, so the publish workflow can prepare the next prerelease version without requiring an extra commit first.
  • The semantic-release PSGallery publish path now bootstraps the PSResourceGet repository store before calling
    Publish-PSResource, and the publish script now fails fast on publish errors.
• This change was needed because the current main release flow can legitimately hit Cannot bump version because there are no commits since the latest tag. after a release, and that should remain a normal error outside CI while still
  allowing the CI prerelease-seeding path to continue. It was also needed because fresh GitHub Actions runners can miss
  PSResourceRepository.xml, which caused the PSGallery publish step to fail before the repository store existed.
• Follow-up / context: #140.

Affected area

• nova CLI or command routing
• Public PowerShell cmdlet behavior
• Scaffolding or project.json handling
• Build, test, analyzer, coverage, or CI helper flow
• Package, raw upload, or package metadata workflow
• Publish, release, semantic-release, or GitHub Actions automation
• Self-update or notification preference behavior
• Contributor documentation (README.md, CONTRIBUTING.md, repository workflow docs)
• End-user docs (docs/*.html)
• Command help (docs/NovaModuleTools/en-US/*.md)
• src/resources/example/
• Dependency or manifest changes (package.json, workflow dependencies, release tooling)
• Security-sensitive change
• Documentation-only change
• Other

Review guidance

• Start with the two main code paths:
  1. src/private/release/GetNovaVersionLabelForBump.ps1 together with
     src/private/release/GetNovaVersionUpdateWorkflowContext.ps1 for the CI-only tagged-head bump fallback.
  2. scripts/release/Publish-ToPSGallery.ps1, scripts/release/SemanticReleaseSupport.ps1, and
     scripts/release/support/Initialize-PSGalleryRepository.ps1 for the semantic-release PSGallery bootstrap and
     fail-fast behavior.
• Primary files changed:
  • src/private/release/GetNovaVersionLabelForBump.ps1
  • src/private/release/GetNovaVersionUpdateWorkflowContext.ps1
  • scripts/release/Publish-ToPSGallery.ps1
  • scripts/release/SemanticReleaseSupport.ps1
  • scripts/release/support/Get-PSResourceRepositoryStoreDirectory.ps1
  • scripts/release/support/Initialize-PSGalleryRepository.ps1
  • tests/NovaCommandModel.BumpAndCli.Tests.ps1
  • tests/CoverageGaps.ReleaseInternals.Tests.ps1
  • tests/SemanticRelease.Tests.ps1
  • README.md
  • CHANGELOG.md
• Trade-offs / limitations:
  • The no-commits-since-tag guard is still enforced for normal local use; the bypass applies only when CI is explicitly
    requested.
  • The workflow file still contains an explicit PSGallery bootstrap in the develop branch path, so there is now some
    duplication between workflow setup and the publish script hardening.

Validation

• Invoke-NovaBuild
• Test-NovaBuild
• ./scripts/build/Invoke-ScriptAnalyzerCI.ps1
• ./scripts/build/ci/Invoke-NovaModuleToolsCI.ps1
• Targeted Nova workflow validated (% nova build, % nova test, % nova merge, % nova deploy, % nova publish,
  % nova release, % nova update, % nova notification, or % nova init as relevant)
• Docs/example only; executable validation not needed

Validation notes:

Focused validation:
- pwsh -NoLogo -NoProfile -Command 'Import-Module NovaModuleTools -Force; Invoke-NovaBuild; Invoke-Pester ./tests/NovaCommandModel.BumpAndCli.Tests.ps1,./tests/CoverageGaps.ReleaseInternals.Tests.ps1,./tests/SemanticRelease.Tests.ps1 -Output Detailed'
  => Tests Passed: 102, Failed: 0

- pwsh -NoLogo -NoProfile -Command 'Import-Module NovaModuleTools -Force; Invoke-NovaBuild; Invoke-Pester ./tests/SemanticRelease.Tests.ps1 -Output Detailed'
  => Tests Passed: 7, Failed: 0

Full validation:
- pwsh -NoLogo -NoProfile -Command 'Import-Module NovaModuleTools -Force; Invoke-NovaBuild; Test-NovaBuild'
  => Tests Passed: 628, Failed: 0

- pwsh -NoLogo -NoProfile -File ./scripts/build/ci/Invoke-NovaModuleToolsCI.ps1 -OutputDirectory ./artifacts/coverage-target
  => Tests Passed: 628, Failed: 0
  => Covered 99,94% / 75%. 3.156 analyzed Commands in 1 File.

If you need the exact failure being addressed, the relevant scenarios were:
- normal non-CI bump on tagged HEAD: still errors with 'Cannot bump version because there are no commits since the latest tag.'
- CI bump on tagged HEAD: now falls back to Patch and continues
- semantic-release PSGallery publish on a fresh runner: now bootstraps PSResourceGet repository state before Publish-PSResource

Documentation and release follow-up

• README.md reviewed and updated if contributor workflow, architecture, CI, release, or automation changed
• CONTRIBUTING.md reviewed and updated if contribution expectations or review guidance changed
• CHANGELOG.md reviewed and updated if the change matters to users, maintainers, or contributors
• docs/NovaModuleTools/en-US/ help updated if a public command or CLI behavior changed
• docs/*.html updated if end-user workflows or examples changed
• src/resources/example/ reviewed and updated if the real-world project layout, package model, or upload workflow
  changed
• No documentation, changelog, or example updates were needed

Maintainability, compatibility, and risk

• Code Health / maintainability impact considered
• No breaking change
• Breaking change
• Security-sensitive change
• CI, workflow, or release-pipeline impact
• Dependency-review impact

Risk, rollout, or rollback notes:

Compatibility impact is low and targeted:
- local/non-CI version bumps keep their existing tagged-head failure behavior
- CI/release automation gets the new fallback only when -ContinuousIntegration is explicitly requested
- PSGallery publishing now stops the release step immediately if Publish-PSResource fails

Rollback guidance:
- if the CI bump fallback is problematic, revert the Get-NovaVersionLabelForBump / Get-NovaVersionUpdateWorkflowContext change pair
- if the PSGallery bootstrap is problematic, revert the Publish-ToPSGallery / SemanticReleaseSupport / support-helper changes together

Maintainer follow-up:
- consider removing duplicated PSGallery bootstrap logic from .github/workflows/Publish.yml now that the publish script is self-bootstrapping

Important

Do not use a public pull request to disclose a vulnerability before coordinated handling.
Use the private reporting path in SECURITY.md for new security issues.

[codescene-delta-analysis]

Gates Passed
6 Quality Gates Passed

See analysis details in CodeScene

Quality Gate Profile: Pay Down Tech Debt
Install CodeScene MCP: safeguard and uplift AI-generated code. Catch issues early with our IDE extension and CLI tool.