[MOSIP-43539] Added NPM release worfklow in the mosip-sdk repository

[Prafulrakhade]

Summary by CodeRabbit

• Chores
  • Added a CI workflow to automate npm publishing for multiple packages/services, triggered by releases and manual dispatch. Streamlines distribution, uses secure tokens for authentication, and integrates notification hooks for publish events.

[coderabbitai]

Warning

Rate limit exceeded

@Prafulrakhade has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 1 minutes and 55 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between e4abafc and 4514a38.

📒 Files selected for processing (1)

• .github/workflows/publish-npm.yaml (1 hunks)

Walkthrough

Adds a new GitHub Actions workflow (.github/workflows/publish-npm.yaml) that publishes five services to NPM by invoking a reusable workflow. Triggers include release publish, certain pull_request events, workflow_dispatch, and pushes; jobs supply SERVICE_LOCATION and secrets and include conditional checks limiting runtime.

Changes

Cohort / File(s)

Summary

NPM Publish Workflow .github/workflows/publish-npm.yaml

New GitHub Actions workflow "MOSIP-SDK NPM Publish". Defines triggers (release publish, selected pull_request activity, workflow_dispatch, branch pushes) and a job matrix for five services (json-form-builder, react-secure-biometric-interface-integrator, secure-biometric-interface-integrator, react-sign-in-with-esignet, sign-in-with-esignet). Each matrix entry sets SERVICE_LOCATION and invokes the reusable workflow mosip/kattu/.github/workflows/npm-publish-to-npm-registry.yml@master, passing NPM_AUTH_TOKEN and SLACK_WEBHOOK secrets. Jobs include conditionals that restrict execution (not on master, not a pull_request, and run on workflow_dispatch). No other code changes.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Repo as Repository
    participant GH as GitHub Actions
    participant Reusable as Reusable Workflow (mosip/kattu)
    participant NPM as NPM Registry
    participant Slack as Slack Webhook

    Repo->>GH: Trigger (release / pull_request / push / workflow_dispatch)
    note right of GH `#EFEFEF`: Matrix job created for each service
    GH->>Reusable: Invoke reusable workflow\nwith SERVICE_LOCATION + secrets
    alt publish success
        Reusable->>NPM: Publish package
        Reusable->>Slack: Notify success
    else publish failure
        Reusable->>Slack: Notify failure
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Single new file with a repetitive matrix pattern.
• Points to check during review:
  • Verify each SERVICE_LOCATION path matches repository layout.
  • Confirm conditional logic (not on master, not a pull_request, run on workflow_dispatch) matches intended publish behavior.
  • Ensure the referenced reusable workflow path and branch/tag exist and required secrets (NPM_AUTH_TOKEN, SLACK_WEBHOOK) are configured.

Poem

🐰 I hopped through YAML, five packages in tow,
I nudged the workflow, set the publish to go,
Secrets tucked safely, paths set just so—
A tiny rabbit cheers: npm, here we go! ✨

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding an NPM release workflow to the mosip-sdk repository. It is specific, clear, and directly related to the changeset.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 98f0c47 and 365a84c.

📒 Files selected for processing (1)

• .github/workflows/publish-npm.yaml (1 hunks)