DX-2278: use npm OIDC

[CahidArda]

check upstash/ratelimit-js#149 for more details

[linear]

DX-2278 SDK CIs - check npm OIDC

[Copilot]

Pull request overview

This PR migrates the npm publishing process from token-based authentication to OpenID Connect (OIDC) authentication, following the approach demonstrated in upstash/ratelimit-js#149. It also restructures the CI/CD workflows by introducing a central ci.yml workflow that orchestrates tests and releases, and includes a test fix for hybrid index querying.

Changes:

• Migrated npm publishing to use OIDC with the --provenance flag instead of explicit NPM_TOKEN credentials
• Restructured GitHub Actions workflows with a new ci.yml orchestrator that calls tests.yaml and release.yaml as reusable workflows
• Updated GitHub Actions to newer versions (checkout@v4, setup-node@v4) and fixed deprecated set-output syntax

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/ci.yml	New orchestrator workflow that triggers tests and release workflows based on event type with OIDC permissions
.github/workflows/tests.yaml	Converted to reusable workflow (workflow_call), moved env vars to job level, updated actions, and changed Node version to 24
.github/workflows/release.yaml	Converted to reusable workflow with prerelease input, removed NPM_TOKEN step, added OIDC setup with registry-url and --provenance
src/commands/client/query/query-single/index.test.ts	Added missing awaitUntilIndexed call before querying hybrid index with embedding to prevent race conditions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.