feat(publish-npm): init publish npm workflow

.github/workflows/publish-npm.yml

@@ -0,0 +1,72 @@
+name: Publish Package NPM
+on:
+  workflow_call:
+    inputs:
+      scope:
+        description: 'NPM package scope (e.g., @iExecBlockchainComputing)'
+        required: true
+        type: string
+      node-version:
+        description: 'Node.js version to use'
+        required: false
+        default: '20'
+        type: string
+      registry:
+        description: 'NPM registry URL'
+        required: false
+        default: 'https://registry.npmjs.org'
+        type: string
+      access:
+        description: 'Package access level (public/restricted)'
+        required: false
+        default: 'public'
+        type: string
+      provenance:
+        description: 'Enable npm provenance'
+        required: false
+        default: true
+        type: boolean
+      install-command:
+        description: 'Command to install dependencies'
+        required: false
+        default: 'npm install'
+        type: string
+      environment:
+        description: 'GitHub environment to use for deployment'
+        required: false
+        default: 'production'
+        type: string
+    secrets:
+      npm-token:
+        description: 'NPM token for authentication'
+        required: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ inputs.node-version }}
+          registry-url: ${{ inputs.registry }}
+          scope: ${{ inputs.scope }}
+
+      - name: Install dependencies
+        run: ${{ inputs.install-command }}
+
+      - name: Publish package
+        run: |
+          if [ "${{ inputs.provenance }}" = "true" ]; then
+            npm publish --access ${{ inputs.access }} --provenance
+          else
+            npm publish --access ${{ inputs.access }}
+          fi
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.npm-token }}

README.md

@@ -8,4 +8,7 @@ This repository contains a reusable workflow for iExec. It is a monorepo that co
 This workflow builds a Docker image from a Dockerfile. It is a reusable workflow that can be used in other workflows.
 
 ### [Release Please](./release-please)
-This workflow uses the [release-please-action](https://github.com/googleapis/release-please-action) to automate the release of a project.
+This workflow uses the [release-please-action](https://github.com/googleapis/release-please-action) to automate the release of a project.
+
+### [Publish NPM Package](./publish-npm)
+This workflow publishes an NPM package to the NPM registry.

publish-npm/README.md

@@ -0,0 +1,83 @@
+# Publish Package NPM - Reusable Workflow Documentation
+
+## Overview
+
+This reusable GitHub Actions workflow automates the process of publishing an NPM package. It is configurable via inputs for the package scope, Node.js version, and registry URL. The workflow performs the following actions:
+
+- Checks out your repository code.
+- Sets up Node.js and configures the `.npmrc` file.
+- Installs package dependencies using `npm ci`.
+- Publishes the package with provenance and public access using `npm publish`.
+
+## Detailed Explanation
+
+### Triggering the Workflow
+
+- **`on: workflow_call`**  
+  This setting makes the workflow reusable, allowing it to be invoked by other workflows. Inputs can be passed during the call.
+
+### Workflow Inputs
+
+- **`scope`**
+    - **Description:** Defines the NPM package scope (e.g., `@iExecBlockchainComputing`).
+    - **Required:** Yes.
+
+- **`node-version`**
+    - **Description:** Specifies the version of Node.js to use.
+    - **Default:** `20`
+    - **Required:** No.
+
+- **`registry-url`**
+    - **Description:** URL of the NPM registry.
+    - **Default:** `https://registry.npmjs.org`
+    - **Required:** No.
+
+### Job and Steps
+
+- **Job Name (`build`):**
+    - Runs on `ubuntu-latest`.
+    - **Permissions:**
+        - `contents: read` – to access repository contents.
+        - `packages: write` – to allow package publication.
+
+- **Steps:**
+    - **Checkout Repository:**  
+      Uses `actions/checkout@v4` to retrieve your code.
+
+    - **Setup Node.js:**  
+      Uses `actions/setup-node@v4` to configure Node.js. This step also sets up the `.npmrc` file with the provided registry URL and scope.
+
+    - **Install Dependencies:**  
+      Executes `npm ci` to install dependencies from the `package-lock.json` file.
+
+    - **Publish Package:**  
+      Executes `npm publish --provenance --access public` to publish the package.
+        - The `NODE_AUTH_TOKEN` environment variable is set from `${{ secrets.NPM_TOKEN }}` for authentication.
+
+## How to Use This Reusable Workflow
+
+1. **Save the Workflow File:**  
+   Place this YAML file (e.g., `publish-npm.yml`) in the `.github/workflows/` directory of your repository.
+
+2. **Call the Reusable Workflow:**  
+   In another workflow file (for example, triggered by a release), invoke this reusable workflow as follows:
+
+   ```yaml
+   name: Call Publish Package NPM Workflow
+   on:
+     release:
+       types: [published]
+
+   jobs:
+     publish:
+       uses: your-org/your-repo/.github/workflows/publish-npm.yml@main
+       with:
+         scope: '@iExecBlockchainComputing'
+         node-version: '20'
+         registry-url: 'https://registry.npmjs.org'
+       secrets:
+         NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+   ```
+
+3. **Configure Secrets:**  
+   Ensure that the `NPM_TOKEN` secret is added to your repository's settings. This token is required to authenticate with the NPM registry during publishing.