2.2.0 #1

	name: Release
	on:
	push: { tags: "v[0-9]+.[0-9]+.[0-9]+*" }

	permissions: {}
	jobs:
	github:
	permissions: { contents: write }
	runs-on: ubuntu-latest
	steps:
	- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with: { egress-policy: audit }
	- uses: actions/checkout@v4
	# TODO exit this job differently than success if release already exists
	- name: gh release create
	run: \|
	# shellcheck disable=SC2086
	gh release view $tag \|\| \
	gh release create ${tag/-/"$tag" --prerelease} --generate-notes
	env:
	GH_TOKEN: ${{ github.token }}
	tag: ${{ github.ref_name }}

	npm:
	permissions: { id-token: write }
	runs-on: ubuntu-latest
	steps:
	- uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
	with: { egress-policy: audit }
	- uses: actions/checkout@v4
	- uses: actions/setup-node@v4
	with:
	registry-url: https://registry.npmjs.org
	- run: npm ci
	- run: npm publish --provenance
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback