Add publish action

Brian J. · Brian J. · commit 8b7eddf69816 · 2025-10-27T14:03:21.000-07:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,39 @@
+name: Publish to NPM
+
+permissions:
+  contents: read
+  id-token: write
+
+on:
+  push:
+    tags:
+      - 'v*' # Trigger on version tags like v1.0.0, v1.2.3, etc.
+
+jobs:
+  publish:
+    environment: Release
+    name: Publish to NPM
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run tests
+        run: npm test
+
+      - name: Run linting
+        run: npm run lint
+
+      - name: Publish to NPM
+        run: npm publish
diff --git a/README.md b/README.md
@@ -39,6 +39,33 @@ npm test
 npx vitest run --coverage
 ```
 
+#### Release Process
+
+This package is automatically published to NPM via GitHub Actions when a new version tag is pushed.
+
+To publish a new version:
+
+1. **Bump the version** using one of these commands:
+
+   ```bash
+   npm run version:patch  # For bug fixes (0.4.0 → 0.4.1)
+   npm run version:minor  # For new features (0.4.0 → 0.5.0)
+   npm run version:major  # For breaking changes (0.4.0 → 1.0.0)
+   ```
+
+2. **Push the changes and tags**:
+
+   ```bash
+   npm run release
+   ```
+
+   This will run tests, linting, and push both commits and tags to GitHub.
+
+3. **GitHub Actions will automatically**:
+   - Run tests and linting
+   - Publish to NPM with provenance
+   - Use OIDC authentication for secure publishing
+
 ### ⚠️ **SECURITY WARNING**
 
 **The `rawNumber` field contains UNSANITIZED user input and poses XSS risks if displayed in web applications.**
diff --git a/package.json b/package.json
@@ -4,6 +4,9 @@
   "author": "bajohnson@hearsaycorp.com",
   "license": "BSD-3-Clause",
   "description": "Utility for extracting and validating phone numbers",
+  "publishConfig": {
+    "access": "public"
+  },
   "type": "module",
   "main": "src",
   "exports": {
@@ -22,7 +25,11 @@
     "test": "TZ=America/Los_Angeles vitest",
     "build": "node -e \"console.log('No build script for vanilla JS')\"",
     "prepare": "husky",
-    "make-badges": "istanbul-badges-readme"
+    "make-badges": "istanbul-badges-readme",
+    "version:patch": "npm version patch",
+    "version:minor": "npm version minor",
+    "version:major": "npm version major",
+    "release": "npm run test && npm run lint && git push && git push --tags"
   },
   "devDependencies": {
     "@eslint/js": "^9.38.0",
