chore(release): set up semantic-release on ci and commitlint/husky

Author: seansica

.github/workflows/ci_cd.yml

@@ -0,0 +1,65 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+      - next
+      - beta
+      - alpha
+  pull_request:
+
+permissions:
+  contents: read # for checkout
+
+jobs:
+  commitlint:
+      runs-on: ubuntu-latest
+      steps:
+        - uses: actions/checkout@v4
+          with:
+            fetch-depth: 0
+        - name: Set up Node.js
+          uses: actions/setup-node@v4
+          with:
+            node-version: '22.x'
+        - name: Install dependencies
+          run: npm ci
+        - name: Commitlint check
+          uses: wagoid/commitlint-github-action@v5
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          # Note: Automatically populated GITHUB_TOKEN cannot be used if branch protection is enabled 
+          # for the target branch. If the risk is acceptable, some extra configuration is needed. The 
+          # actions/checkout persist-credentials option needs to be false, otherwise the generated 
+          # GITHUB_TOKEN will interfere with the custom one.
+          # ref: https://github.com/semantic-release/semantic-release/blob/master/docs/recipes/ci-configurations/github-actions.md#pushing-packagejson-changes-to-your-repository
+          persist-credentials: false
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22.x'
+          registry-url: 'https://npm.pkg.github.com'
+          scope: '@mitre-attack'
+      - name: Install
+        run: npm clean-install
+      - name: Build
+        run: npm run build
+      - name: Test
+        run: npm run test
+      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+        run: npm audit signatures
+      - name: Release
+        run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/npm-publish.yml

@@ -0,0 +1 @@
+npx --no-install commitlint --edit

.github/workflows/release.yml

@@ -1 +1 @@
-npm run format
+npm test

.husky/commit-msg

@@ -0,0 +1,35 @@
+{
+    "branches": [
+        "main",
+        {
+            "name": "next",
+            "prerelease": true
+        },
+        {
+            "name": "beta",
+            "prerelease": true
+        },
+        {
+            "name": "alpha",
+            "prerelease": true
+        }
+    ],
+    "plugins": [
+        "@semantic-release/commit-analyzer",
+        "@semantic-release/release-notes-generator",
+        "@semantic-release/npm",
+        "@semantic-release/github",
+        [
+            "@semantic-release/git",
+            {
+                "assets": [
+                    "dist/**",
+                    "docs",
+                    "README.md",
+                    "package.json"
+                ],
+                "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+            }
+        ]
+    ]
+}