ci: Simplify npm publish workflow for OIDC

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: chengzeyi

.github/workflows/npm-publish.yml

@@ -1,38 +1,25 @@
-# This workflow will publish the package to npm when a release is created
-# Uses OIDC trusted publishing for secure, tokenless authentication
-
-name: npm-publish
+name: Publish Package
 
 on:
-  release:
-    types: [published]
-  workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
 
 permissions:
+  id-token: write  # Required for OIDC
   contents: read
-  id-token: write
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    - name: Setup Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version: '20'
-        cache: 'npm'
-        registry-url: 'https://registry.npmjs.org'
-
-    - name: Install dependencies
-      run: npm ci
-
-    - name: Build package
-      run: npm run build
-
-    - name: Publish to npm
-      run: npm publish --provenance --access public
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm ci
+      - run: npm run build --if-present
+      - run: npm test
+      - run: npm publish