
Create npm-publish.yml#12

Merged
Huynhthuongg merged 9 commits into main from Huynhthuongg-patch-2, May 19, 2026


@Huynhthuongg Huynhthuongg commented May 3, 2026


Summary by cubic

Add CI to publish the package to npm and GitHub Packages on release, run Webpack builds on push/PR, manage Terraform plans/applies, and switch Vercel Web Analytics to the recommended script tag.

  • New Features

    • Publishing: adds .github/workflows/npm-publish.yml (Node 20 build + tests, releases to npm with secrets.npm_token) and .github/workflows/npm-publish-github-packages.yml (releases to GitHub Packages with GITHUB_TOKEN); both trigger on release creation after build.
    • CI/Infra: adds Webpack build matrix for Node 18/20/22 on push/PR and Terraform init/fmt/plan on PRs with apply on push to main; updates public/index.html to use <script defer src="/_vercel/insights/script.js"></script>.
  • Migration

    • Add repo secrets: npm_token and TF_API_TOKEN.
    • Enable Vercel Web Analytics in the dashboard.

Written for commit 44fb568. Summary will update on new commits.

Signed-off-by: Huỳnh Thương <admin@huynhthuong.online>

vercel Bot commented May 3, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| claude-open-ai | Ready | Preview, Comment | May 19, 2026 10:37am |


coderabbitai Bot commented May 3, 2026


📝 Walkthrough

Overview

Adds a new GitHub Actions workflow, .github/workflows/npm-publish.yml, that automates publishing the npm package to GitHub Packages when there is a Release. The workflow runs tests before publishing.

Changes

npm publishing automation

| Layer / File | Summary |
|---|---|
| Publish workflow configuration: .github/workflows/npm-publish.yml | GitHub Actions workflow triggered on the release event. Runs the build job to check dependencies and run tests, then the publish job executes npm publish with authentication from secrets.npm_token. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A new workflow is born,
When a Release is created, it runs,
Tests first, publish after,
The npm package flies up into the blue sky,
Automation, a simple kind of magic!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change in the pull request: adding the npm-publish.yml file. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description check | ✅ Passed | The pull request description accurately describes the changeset, detailing the addition of GitHub Actions workflows for npm publishing, CI/CD pipelines, and infrastructure updates. |


Warning

Review ran into problems

🔥 Problems

Linked repositories: Your configuration references 1 linked repositories, but your current plan allows 0. Analyzed ``, skipped Aethon/backend-api.



@devin-ai-integration devin-ai-integration Bot left a comment


Devin Review found 1 potential issue.

View 1 additional finding in Devin Review.


Comment thread .github/workflows/npm-publish.yml

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a92cac9f50

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

with:
node-version: 20
- run: npm ci
- run: npm test


P1: Guard npm test when no test script exists

This workflow always runs npm test, but package.json only defines start and dev scripts, so npm test exits with Missing script: "test" in this repository. Because publish-npm depends on build, every release-triggered run will fail before publishing, making the new publish pipeline non-functional unless a test script is added or the step uses npm test --if-present.


@cubic-dev-ai cubic-dev-ai Bot left a comment


2 issues found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/npm-publish.yml">

<violation number="1" location=".github/workflows/npm-publish.yml:8">
P1: Using `release.types: [created]` can skip publishing for releases that are published from drafts. Trigger on `published` so npm publish runs on real release publication.</violation>

<violation number="2" location=".github/workflows/npm-publish.yml:19">
P1: `npm test` will fail because `package.json` does not define a `test` script (only `start` and `dev` exist). This causes the `build` job to always fail, and since `publish-npm` depends on `build`, the entire publish pipeline is non-functional. Use `npm test --if-present` to skip gracefully when no test script is defined.</violation>
</file>


Comment thread .github/workflows/npm-publish.yml
Comment thread .github/workflows/npm-publish.yml
@Huynhthuongg Huynhthuongg enabled auto-merge (squash) May 18, 2026 10:26

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5c330804eb



on:
release:
types: [created]


P2: Trigger publishing when releases are published

For releases prepared as drafts in the GitHub UI and then published, this workflow never runs: GitHub's release-event docs state that created, edited, and deleted do not trigger workflows for draft releases, and recommend published when you want workflows to run as releases publish. Since this is the only npm publish trigger, any release created through the common draft-then-publish flow will be skipped entirely.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/npm-publish.yml:
- Around line 1-2: The workflow header comment incorrectly states it will
"publish ... to GitHub Packages" while the actual configuration targets
https://registry.npmjs.org/; update the top comment in
.github/workflows/npm-publish.yml (the initial workflow description lines) to
accurately state that the package is published to the npm registry (or, if the
intent is GitHub Packages, change the registry configuration to GitHub Packages)
so the comment and actual registry (https://registry.npmjs.org/) are consistent.
- Around line 10-33: Add an explicit minimal permissions block to the workflow
so it only has repository read access; update the top-level workflow (affecting
the jobs "build" and "publish-npm") to include permissions: contents: read so
the checkout step and subsequent actions run with least privilege instead of
relying on repo default permissions.
- Around line 7-8: The workflow currently listens to the GitHub Actions
'release' event with types: [created], which triggers on drafts and can publish
to npm too early; change the event types value from types: [created] to types:
[published] on the 'release' trigger and add a guard to skip prereleases (e.g.,
check github.event.release.prerelease is false or similar) so the npm-publish
workflow only runs when a release is publicly published and not for
prerelease/draft releases.
- Around line 31-33: The workflow currently uses a static secret
(NODE_AUTH_TOKEN) for npm publish; switch to GitHub OIDC Trusted Publishing by
updating your actions/setup-node step to use node-version 24.x (ensure npm
11.5.1+), remove the ENV NODE_AUTH_TOKEN from the "npm publish" run step, add
repository permissions to allow id-token issuance (permissions: id-token: write
and packages: write if publishing packages), and change the "npm publish"
invocation to use the OIDC-backed setup-node authentication (include
--provenance when publishing). Locate the actions/setup-node configuration and
the "npm publish" run step to make these changes.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 646d793b-0b64-4ef3-a5a5-73ba63d50a13

📥 Commits

Reviewing files that changed from the base of the PR and between 529fa33 and 5c33080.

📒 Files selected for processing (1)
  • .github/workflows/npm-publish.yml

Comment thread .github/workflows/npm-publish.yml
Comment thread .github/workflows/npm-publish.yml
Comment thread .github/workflows/npm-publish.yml
Comment thread .github/workflows/npm-publish.yml
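
The review findings above for .github/workflows/npm-publish.yml (trigger on `published`, skip prereleases, least-privilege `permissions`, `npm test --if-present`, OIDC trusted publishing with `--provenance`) combined into one workflow. This is an added example, not the workflow file from this pull request; it assumes a trusted publisher has been configured on npmjs.com for this repository and workflow file, and it reuses the job names `build` and `publish-npm` quoted in the comments.

```yaml
# Added example: hardened variant of an npm publish workflow.
# Assumption: a trusted publisher is configured on npmjs.com for this
# repository and this workflow file, so no long-lived npm token is needed.
name: Publish to npm

on:
  release:
    types: [published]          # was [created]; fires when a release goes public

# Least privilege for every job unless a job asks for more.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Pinning actions to a full commit SHA is stricter than a version tag.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 24.x
      - run: npm ci
      # Does not fail the job when package.json has no "test" script.
      - run: npm test --if-present

  publish-npm:
    needs: build
    # Do not publish prereleases to the registry.
    if: ${{ !github.event.release.prerelease }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write           # allows the job to request an OIDC token
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 24.x
          registry-url: https://registry.npmjs.org/
      # The review comment gives npm 11.5.1+ as the minimum for OIDC publishing.
      - run: npm install -g "npm@^11.5.1"
      - run: npm ci
      # No NODE_AUTH_TOKEN here: the static secrets.npm_token is replaced by
      # the short-lived OIDC credential, and --provenance attaches an
      # attestation linking the package to this workflow run.
      - run: npm publish --provenance
```

Once this works, the `npm_token` repository secret can be deleted so that no long-lived publish credential remains in the repository settings.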
coderabbitai Bot previously approved these changes May 18, 2026
@Huynhthuongg Huynhthuongg enabled auto-merge (squash) May 18, 2026 10:35
@Huynhthuongg Huynhthuongg disabled auto-merge May 18, 2026 17:41
@Huynhthuongg Huynhthuongg linked an issue May 18, 2026 that may be closed by this pull request
@Huynhthuongg Huynhthuongg linked an issue May 19, 2026 that may be closed by this pull request
vercel Bot and others added 6 commits May 19, 2026 17:28
# Vercel Web Analytics Implementation Report

## Summary
Successfully configured Vercel Web Analytics for the claude-openai project following the latest official Vercel documentation.

## Project Details
- **Framework**: Node.js/Express serving static HTML files
- **Package Manager**: npm
- **Project Type**: Backend API with static frontend (public/index.html)

## Changes Made

### Modified Files
1. **public/index.html**
   - Updated Vercel Web Analytics implementation to use the recommended script tag approach
   - Changed from: ESM import using CDN (`import { inject } from 'https://cdn.jsdelivr.net/npm/@vercel/analytics@2/+esm'`)
   - Changed to: Recommended script tag approach (`<script defer src="/_vercel/insights/script.js"></script>`)
   - This follows the official Vercel documentation for HTML5 projects

### Package Information
- **@vercel/analytics**: Version 2.0.1 (already installed)
- **@vercel/speed-insights**: Version 2.0.0 (already installed)

## Implementation Details

According to the latest Vercel documentation (fetched on 2026-04-28):
- For static HTML projects, the recommended approach is to use the script tag: `<script defer src="/_vercel/insights/script.js"></script>`
- This script is automatically served by Vercel after enabling Web Analytics in the dashboard
- The implementation is placed before the closing `</body>` tag for optimal performance

## Configuration Steps Followed
1. ✅ Fetched latest Vercel Analytics documentation from https://vercel.com/docs/analytics/quickstart
2. ✅ Identified project framework (Node.js/Express with static HTML)
3. ✅ Verified @vercel/analytics package was already installed (v2.0.1)
4. ✅ Updated the analytics implementation in public/index.html to use the recommended script tag
5. ✅ Ran npm install to ensure dependencies and lock files are up to date
6. ✅ Tested server startup and verified HTML is served correctly
7. ✅ Verified the analytics script tag is present in the served HTML

## Testing Results
- ✅ Server starts successfully on port 3000
- ✅ Static HTML file is served correctly
- ✅ Analytics script tag is properly included in the HTML output
- ✅ No build errors or warnings
- ✅ Dependencies installed successfully with 0 vulnerabilities

## Next Steps for Activation
To activate Vercel Web Analytics:
1. Navigate to the project's Analytics section in the Vercel dashboard
2. Click the "Enable" button to activate Web Analytics
3. Deploy the project to Vercel
4. After deployment, analytics data will begin collecting automatically
5. View analytics in the Vercel dashboard (data appears within days of deployment)

## Notes
- The project already had @vercel/analytics and @vercel/speed-insights installed
- The previous implementation used an ESM CDN import, which has been replaced with the official Vercel-served script
- The new implementation follows Vercel's recommended best practices for HTML5 projects
- Speed Insights was already properly configured and remains unchanged

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
This workflow runs tests and publishes a Node.js package to GitHub
Packages upon release creation.

Signed-off-by: Huỳnh Thương <admin@huynhthuong.online>
Signed-off-by: Huỳnh Thương <admin@huynhthuong.online>
This workflow builds and deploys a Node.js application to Azure Web App on push to the main branch.

Signed-off-by: Huỳnh Thương <admin@huynhthuong.online>
This workflow installs Terraform CLI and configures it with an API token for Terraform Cloud. It runs `terraform init`, `terraform fmt`, and `terraform plan` on pull requests, and `terraform apply` on pushes to the main branch.

Signed-off-by: Huỳnh Thương <admin@huynhthuong.online>

kilo-code-bot Bot commented May 19, 2026


Kilo Code Review could not run — your account is out of credits.

Add credits or switch to a free model to enable reviews on this change.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 15dfa4f168


Comment thread .github/workflows/webpack.yml
Comment thread .github/workflows/terraform.yml
Comment thread .github/workflows/npm-publish-github-packages.yml
Comment thread .github/workflows/npm-publish-github-packages.yml

@cubic-dev-ai cubic-dev-ai Bot left a comment


4 issues found across 4 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name=".github/workflows/npm-publish-github-packages.yml">

<violation number="1" location=".github/workflows/npm-publish-github-packages.yml:34">
P2: GitHub Packages only supports scoped npm packages (format `@NAMESPACE/PACKAGE-NAME`). Publishing an unscoped package to `https://npm.pkg.github.com/` will be rejected. The package name in `package.json` needs to be scoped (e.g., `@owner/claude-openai`) or the registry URL should be changed.</violation>
</file>

<file name=".github/workflows/terraform.yml">

<violation number="1" location=".github/workflows/terraform.yml:87">
P1: This workflow runs `terraform plan` even though the repository has no Terraform configuration files, so CI will fail when the job executes.</violation>

<violation number="2" location=".github/workflows/terraform.yml:92">
P2: The branch check in the `Terraform Apply` condition is malformed (`refs/heads/"main"`), so apply is effectively disabled.</violation>
</file>

<file name=".github/workflows/webpack.yml">

<violation number="1" location=".github/workflows/webpack.yml:28">
P1: `npx webpack` will not work correctly: the project has no webpack dependency and no webpack configuration file. This will either fail at runtime or produce a broken build. Use a project-specific build script or define the proper build toolchain.</violation>
</file>



# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan -input=false


P1: This workflow runs terraform plan even though the repository has no Terraform configuration files, so CI will fail when the job executes.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/terraform.yml, line 87:

<comment>This workflow runs `terraform plan` even though the repository has no Terraform configuration files, so CI will fail when the job executes.</comment>

<file context>
@@ -0,0 +1,93 @@
+
+    # Generates an execution plan for Terraform
+    - name: Terraform Plan
+      run: terraform plan -input=false
+
+      # On push to "main", build or change infrastructure according to Terraform configuration files
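Review bot: `terraform plan -input=false` in the Terraform Plan step does not save the plan to a file, so a later apply cannot be tied to the plan that was reviewed here and will compute a fresh one. Suggest `terraform plan -input=false -out=tfplan` and applying that saved file; the step also has no `if:`, so add one if the plan is meant to run on pull requests only.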
</file context>

- name: Build
run: |
npm install
npx webpack


P1: npx webpack will not work correctly: the project has no webpack dependency and no webpack configuration file. This will either fail at runtime or produce a broken build. Use a project-specific build script or define the proper build toolchain.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/webpack.yml, line 28:

<comment>`npx webpack` will not work correctly: the project has no webpack dependency and no webpack configuration file. This will either fail at runtime or produce a broken build. Use a project-specific build script or define the proper build toolchain.</comment>

<file context>
@@ -0,0 +1,28 @@
+    - name: Build
+      run: |
+        npm install
+        npx webpack
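Review bot: the Build step installs with `npm install`, which may resolve versions other than those recorded in the lockfile, and `npx webpack` can fetch webpack from the registry at run time when it is not a declared dependency. Suggest `npm ci`, with webpack pinned in devDependencies and invoked through an npm script, so that CI builds only what the lockfile records.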
</file context>

# On push to "main", build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'


P2: The branch check in the Terraform Apply condition is malformed (refs/heads/"main"), so apply is effectively disabled.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/terraform.yml, line 92:

<comment>The branch check in the `Terraform Apply` condition is malformed (`refs/heads/"main"`), so apply is effectively disabled.</comment>

<file context>
@@ -0,0 +1,93 @@
+      # On push to "main", build or change infrastructure according to Terraform configuration files
+      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
+    - name: Terraform Apply
+      if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
+      run: terraform apply -auto-approve -input=false
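Review bot: `terraform apply -auto-approve -input=false` in the Terraform Apply step applies whatever is planned at that moment with no approval, so once the `if:` on the line above matches, every push to main changes infrastructure unreviewed. Suggest applying a saved plan file produced by the plan step, or placing this job behind a protected environment with required reviewers.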
</file context>
Suggested change
if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
if: github.ref == 'refs/heads/main' && github.event_name == 'push'

node-version: 20
registry-url: https://npm.pkg.github.com/
- run: npm ci
- run: npm publish


P2: GitHub Packages only supports scoped npm packages (format @NAMESPACE/PACKAGE-NAME). Publishing an unscoped package to https://npm.pkg.github.com/ will be rejected. The package name in package.json needs to be scoped (e.g., @owner/claude-openai) or the registry URL should be changed.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/npm-publish-github-packages.yml, line 34:

<comment>GitHub Packages only supports scoped npm packages (format `@NAMESPACE/PACKAGE-NAME`). Publishing an unscoped package to `https://npm.pkg.github.com/` will be rejected. The package name in `package.json` needs to be scoped (e.g., `@owner/claude-openai`) or the registry URL should be changed.</comment>

<file context>
@@ -0,0 +1,36 @@
+          node-version: 20
+          registry-url: https://npm.pkg.github.com/
+      - run: npm ci
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
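Review bot: `npm ci` runs dependency install scripts in the same job that then runs `npm publish`, so a compromised dependency could alter the package contents before they are published. `NODE_AUTH_TOKEN` is scoped to the publish step only, which is right; suggest `npm ci --ignore-scripts` here if the package does not need install scripts to build.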
</file context>

@Huynhthuongg Huynhthuongg merged commit 3eb9639 into main May 19, 2026
4 of 11 checks passed
@Huynhthuongg Huynhthuongg deleted the Huynhthuongg-patch-2 branch May 19, 2026 10:39

Development

Successfully merging this pull request may close these issues.

Full control over Agents/code
