Migrate CI/CD from CircleCI to GitHub Actions with OIDC npm publish (#400)

* Initial plan

* Migrate CI/CD to GitHub Actions, bump version to 32.5.0

Agent-Logs-Url: https://github.com/linn/react-components-library/sessions/e904388b-0c3e-47ac-80e4-f1083e00aa3a

Co-authored-by: lewisrenfrew <16683709+lewisrenfrew@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: lewisrenfrew <16683709+lewisrenfrew@users.noreply.github.com>

Author: Copilot

.github/workflows/ci-cd.yml

@@ -0,0 +1,120 @@
+name: CI/CD
+
+on:
+  push:
+    branches:
+      - main
+      - '*prerelease*'
+
+permissions:
+  contents: read
+  id-token: write
+  pages: write
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - run: npm ci
+
+      - run: npm run build
+
+      - run: npm test
+
+  publish:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main' || contains(github.ref, 'prerelease')
+    environment: production
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          registry-url: 'https://registry.npmjs.org'
+
+      - run: npm run build
+
+      - name: Check if version has changed
+        id: version-check
+        run: |
+          CURRENT=$(node -p "require('./package.json').version")
+          PREVIOUS=$(git show HEAD~1:package.json | node -p "JSON.parse(require('fs').readFileSync('/dev/stdin','utf8')).version" 2>/dev/null || echo "")
+          echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
+          echo "previous=$PREVIOUS" >> "$GITHUB_OUTPUT"
+          if [ "$CURRENT" != "$PREVIOUS" ]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Publish to npm
+        if: steps.version-check.outputs.changed == 'true'
+        run: npm publish --provenance
+
+      - name: Write step summary (no publish)
+        if: steps.version-check.outputs.changed == 'false'
+        run: |
+          echo "## ℹ️ No npm package published" >> "$GITHUB_STEP_SUMMARY"
+          echo "" >> "$GITHUB_STEP_SUMMARY"
+          echo "The version in \`package.json\` (\`${{ steps.version-check.outputs.current }}\`) was not incremented since the previous commit. No package was published to npm." >> "$GITHUB_STEP_SUMMARY"
+          echo "If you intended to publish a new version, please bump the version number." >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Post commit comment (no publish)
+        if: steps.version-check.outputs.changed == 'false'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.repos.createCommitComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              commit_sha: context.sha,
+              body: 'ℹ️ **No npm package published** — the version in `package.json` was not incremented. If you intended to publish a new version, please bump the version number.'
+            });
+
+  deploy-storybook:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    concurrency:
+      group: storybook
+      cancel-in-progress: false
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - run: npm ci
+
+      - run: npm run build-storybook
+
+      - uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./storybook-static
+
+      - uses: actions/deploy-pages@v4
+        id: deployment

.github/workflows/deploy-github-pages.yml

@@ -1,4 +1,6 @@
 # Changelog
+## [32.5.0] - 2026-04-22
+- Migrate CI/CD from CircleCI to GitHub Actions (ci-cd.yml). npm publishing now uses OIDC Trusted Publisher instead of a stored NPM_TOKEN secret, with npm provenance attestation. Storybook deployment consolidated into the same workflow. Publish step now skips gracefully (with a commit comment notification) if the package version has not been incremented.
 ## [32.4.0] - 2026-04-20
 - Add option to pass hideFromEdit Y/N to Dropdown to support allow obsolete fields to be displayed but not selected.
 ## [32.3.3] - 2026-03-03

CHANGELOG.md

@@ -1,6 +1,6 @@
 {
   "name": "@linn-it/linn-form-components-library",
-  "version": "32.4.0",
+  "version": "32.5.0",
   "private": false,
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",