keep published packages and github releases in sync

Author: kapravel

.github/workflows/provenance.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
-      contents: read
+      contents: write
       id-token: write
 
     steps:
@@ -30,7 +30,34 @@ jobs:
           scope: '@socketregistry'
       - run: npm install -g npm@latest
       - run: npm ci
+      - name: Get package version
+        id: package-version
+        run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
+      - run: npm pack
       - run: npm publish --provenance --access public
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
           SOCKET_CLI_DEBUG: ${{ inputs.debug }}
+      - name: Create GitHub Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: v${{ steps.package-version.outputs.version }}
+          release_name: Release v${{ steps.package-version.outputs.version }}
+          body: |
+            Release of @socketsecurity/mcp v${{ steps.package-version.outputs.version }}
+            
+            This release has been published to npm with provenance.
+          draft: false
+          prerelease: false
+      - name: Upload Package to Release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./socketsecurity-mcp-${{ steps.package-version.outputs.version }}.tgz
+          asset_name: socketsecurity-mcp-${{ steps.package-version.outputs.version }}.tgz
+          asset_content_type: application/gzip