[AI] Add release-triggered npm publishing workflow

intellectronica · intellectronica · commit 510ea0bfb5c6 · 2026-02-18T16:35:20.000+01:00
diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml
@@ -0,0 +1,52 @@
+name: Publish npm Package
+
+on:
+  release:
+    types:
+      - published
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: https://registry.npmjs.org
+
+      - name: Validate release tag matches package version
+        run: |
+          PACKAGE_VERSION=$(node -p "require('./package.json').version")
+          TAG_NAME="${{ github.event.release.tag_name }}"
+          TAG_VERSION="${TAG_NAME#v}"
+
+          if [ "$TAG_VERSION" != "$PACKAGE_VERSION" ]; then
+            echo "Release tag ($TAG_NAME) does not match package version ($PACKAGE_VERSION)."
+            exit 1
+          fi
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Build
+        run: npm run build
+
+      - name: Publish prerelease to npm (next)
+        if: github.event.release.prerelease == true
+        run: npm publish --tag next --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Publish release to npm (latest)
+        if: github.event.release.prerelease == false
+        run: npm publish --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/AGENTS.md b/AGENTS.md
@@ -139,3 +139,8 @@ When asked to create commits in this repository:
   - Context: `--yaml` overlapped with `--base` by auto-detecting file paths, which created ambiguous query source behavior.
   - Decision: Restrict `--yaml`/`yaml` to inline YAML text and reject path-like input with guidance to use `--base`/`basePath`.
   - Consequence: CLI and library query-source semantics are clearer and avoid accidental mode switching based on filesystem state.
+
+- 2026-02-18 - Release-driven npm publishing
+  - Context: Package publication should happen automatically when a GitHub release is published.
+  - Decision: Add a `publish-npm` GitHub Actions workflow triggered by `release.published`, using `NPM_TOKEN` and validating release tag/version alignment before `npm publish`.
+  - Consequence: Publishing is automated and guarded against accidental version/tag mismatches.
