From 121d74d245b1de6d0ef8b01dad7b5222be879dfb Mon Sep 17 00:00:00 2001
From: eiei114 <60887155+eiei114@users.noreply.github.com>
Date: Thu, 28 May 2026 22:54:47 +0900
Subject: [PATCH 1/2] ci: publish npm package from auto release

Run the same npm publish flow inside auto-release after creating a new version tag so main merges can release and publish in one workflow.

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .github/workflows/auto-release.yml | 69 ++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index a9ced9a..5b60cc5 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -11,6 +11,9 @@ jobs:
   release:
     name: Create release for new version
     runs-on: ubuntu-latest
+    outputs:
+      released: ${{ steps.check.outputs.released }}
+      tag: ${{ steps.check.outputs.tag }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -45,3 +48,69 @@ jobs:
           gh release create "$TAG" --title "$TAG" --notes "$NOTES"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish:
+    name: Publish package
+    runs-on: ubuntu-latest
+    needs: release
+    if: needs.release.outputs.released == 'true'
+    concurrency:
+      group: npm-publish-${{ needs.release.outputs.tag }}
+      cancel-in-progress: false
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ needs.release.outputs.tag }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          registry-url: https://registry.npmjs.org
+          package-manager-cache: false
+
+      - name: Install dependencies
+        shell: bash
+        run: |
+          if [ -f package-lock.json ]; then
+            npm ci
+          elif node -e "const p=require('./package.json'); process.exit(p.dependencies || p.devDependencies ? 0 : 1)"; then
+            npm install
+          else
+            echo "No dependencies to install."
+          fi
+
+      - name: Validate package
+        shell: bash
+        run: |
+          if node -e "process.exit(require('./package.json').scripts?.check ? 0 : 1)"; then
+            npm run check
+          elif node -e "process.exit(require('./package.json').scripts?.test ? 0 : 1)"; then
+            npm test
+          elif node -e "process.exit(require('./package.json').scripts?.typecheck ? 0 : 1)"; then
+            npm run typecheck
+          else
+            echo "No validation script configured."
+          fi
+
+      - name: Skip already published version
+        id: published
+        shell: bash
+        run: |
+          name=$(node -p "require('./package.json').name")
+          version=$(node -p "require('./package.json').version")
+          if npm view "${name}@${version}" version >/dev/null 2>&1; then
+            echo "${name}@${version} is already published."
+            echo "skip=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "Publishing ${name}@${version}."
+            echo "skip=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Publish to npm
+        if: steps.published.outputs.skip != 'true'
+        run: npm publish --access public

From 37cedca648fb954997c7946372f29000aefcc0b9 Mon Sep 17 00:00:00 2001
From: eiei114 <60887155+eiei114@users.noreply.github.com>
Date: Thu, 28 May 2026 23:53:13 +0900
Subject: [PATCH 2/2] fix: address CodeRabbit workflow findings

---
 .github/workflows/auto-release.yml | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index 5b60cc5..b753bf7 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -16,7 +16,7 @@ jobs:
       tag: ${{ steps.check.outputs.tag }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
         with:
           fetch-depth: 0
 
@@ -62,12 +62,13 @@ jobs:
       id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
         with:
           ref: ${{ needs.release.outputs.tag }}
+          persist-credentials: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444
         with:
           node-version: 24
           registry-url: https://registry.npmjs.org
@@ -103,12 +104,19 @@ jobs:
         run: |
           name=$(node -p "require('./package.json').name")
           version=$(node -p "require('./package.json').version")
-          if npm view "${name}@${version}" version >/dev/null 2>&1; then
+          set +e
+          output=$(npm view "${name}@${version}" version 2>&1)
+          status=$?
+          set -e
+          if [ "$status" -eq 0 ]; then
             echo "${name}@${version} is already published."
             echo "skip=true" >> "$GITHUB_OUTPUT"
-          else
+          elif printf '%s' "$output" | grep -Eq 'E404|404 Not Found'; then
             echo "Publishing ${name}@${version}."
             echo "skip=false" >> "$GITHUB_OUTPUT"
+          else
+            printf '%s\n' "$output" >&2
+            exit "$status"
           fi
 
       - name: Publish to npm