Versioned dispatch + working OIDC publishing (#90)

* Re-added provenance, and NODE_AUTH_TOKEN

Also added manual dispatch

* Removal of NODE_AUTH_TOKEN

Doesn't work, pulling it back out, setup should do this automatically

* Added ability to set version on manual workflow dispatch

* Adding NPM_TOKEN for first push

* Remove v from version if manual dispatching, also remvoe NPM_TOKEN now its published

* Removed npm env

* Moving to older setup-node ver with better OIDC supp

* Debugging for OIDC

* Added NPM token test again, removed debug

* Attempting proper OIDC flow

* Debugging for curls

* Attempting different OIDC flow using github-script

* Swithcing oidc endpoint

* Pulled back to dead simple publish

* Reinstated trigger

* Removed registry-url as that will be overriding OIDC flow properly

* Re-added registry

* Trying to force clean env

* Cleaned uip pipeline

* More robust config registry

* Migrate to production env

* Cleanup

* REadding scope

* Trying to force registry config and unset all token vars

* Added npm update to enforce latest

* Added repo info to package

---------

Co-authored-by: Carl Patchett <carl.patchett@kroll.com>

Author: carlpatchett

.github/workflows/release.yml

@@ -4,44 +4,53 @@ on:
   release:
     types: [published]
   workflow_dispatch:
+    inputs:
+      version:
+        description: "Version to publish (e.g., 0.8.6)"
+        required: false
+        type: string
 
 jobs:
   publish:
     runs-on: ubuntu-latest
-    environment: npm
+
+    environment: production
+
     permissions:
       contents: read
-      id-token: write
+      id-token: write # Required for OIDC
 
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
+      - uses: actions/checkout@v4
         with:
           submodules: recursive
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v5
+      - uses: actions/setup-node@v4
         with:
-          node-version: '22'
-          registry-url: 'https://registry.npmjs.org'
+          node-version: "22"
+          registry-url: "https://registry.npmjs.org"
+          scope: "@crispthinking"
 
-      - name: Set version from tag
+      - name: Update npm
+        run: npm install -g npm@latest
+
+      - name: Set version
         run: |
-          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
+          if [[ -n "${{ inputs.version }}" ]]; then
+            VERSION=${{ inputs.version }}
+            VERSION=${VERSION#v}
+          elif [[ "$GITHUB_REF" == refs/tags/* ]]; then
             TAG_VERSION=${GITHUB_REF#refs/tags/}
-            # Remove 'v' prefix if present
             VERSION=${TAG_VERSION#v}
-            echo "Setting version to: $VERSION"
-            npm --no-git-tag-version version "$VERSION"
           else
-            echo "Not building from a tag, using default version"
+            VERSION="0.0.0"
           fi
+          echo "PACKAGE_VERSION=$VERSION" >> $GITHUB_ENV
+          npm --no-git-tag-version version "$VERSION"
+
+      - run: npm ci
+      - run: npm run codegen
+      - run: npm run build:release
 
-      - run: |
-          npm ci
-          npm run codegen
-          npm run build:release
-          npm publish --provenance --access public
-        name: Build and Publish
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+      - name: Publish
+        run: npm publish --provenance --access public

package.json

@@ -7,6 +7,10 @@
   "engines": {
     "node": ">= 22.11 < 23"
   },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/crispthinking/athena-nodejs-client.git"
+  },
   "files": [
     "dist/",
     "README.md",