Disable Husky consistently across all CI workflows

[Copilot]

Husky's prepare script executes during npm lifecycle events beyond just npm ci. Setting HUSKY=0 only at the install step leaves subsequent npm run build, npm test, and npm publish commands vulnerable to hook execution in CI.

Changes

• All workflow files (publish.yml, release.yml, build.yml, ci.yml):
  • Move HUSKY: 0 from step-level to job-level env block
  • Ensures environment variable applies to all npm operations in the job

Before:

jobs:
  publish:
    runs-on: ubuntu-24.04
    steps:
      - name: Install dependencies (disable husky)
        env:
          HUSKY: 0
        run: npm ci
      - name: Build
        run: npm run build  # ❌ prepare script still runs here

After:

jobs:
  publish:
    runs-on: ubuntu-24.04
    env:
      HUSKY: 0  # ✓ Applies to all steps
    steps:
      - name: Install dependencies
        run: npm ci
      - name: Build
        run: npm run build  # ✓ Husky disabled

This prevents Git hooks from executing during any npm operation across build, test, release, and publish workflows.

Original prompt

puoi implementare questo: The HUSKY: 0 environment variable is set only for the install step, but husky's prepare script (defined in package.json line 24) may still run during the build or publish steps. This could cause issues if git hooks try to execute in the CI environment.

Consider setting the HUSKY: 0 environment variable at the job level or for all steps that might trigger npm scripts, to ensure husky is consistently disabled throughout the CI workflow.ù

TITLE:
Enable publish via manual dispatch + ensure HUSKY is disabled consistently in CI

USER INTENT:
Make the repository's release workflow publish package to npm both on tag push and on manual workflow dispatch (when a non-empty tag input is provided), and ensure Husky Git hooks are consistently disabled across CI steps to avoid running hooks during build/publish.

TASK DESCRIPTION:

• Modify the GitHub Actions workflow (.github/workflows/release.yml) so the publish job runs:
  • when a tag is pushed, or
  • when the workflow is manually dispatched and a tag input is supplied.
• Ensure Husky is disabled consistently across all CI steps that may run npm scripts by moving the HUSKY=0 environment variable from a single npm ci step to a broader scope (job-level or workflow-level), so Husky's prepare script does not run later during build/publish steps.
• Confirm the workflow uses the correct npm auth secret (NPM_TOKEN) and that the publish step will run only when intended.

EXISTING:

• PR created: Feat gh action release #15
• NPM token secret has been added to the repository (secret name agreed: NPM_TOKEN).
• Workflow file modified to allow manual dispatch publish: .github/workflows/release.yml
  • Added workflow_dispatch input tag.
  • Updated publish job if condition to:
    if: startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.tag != '')
• Current .github/workflows/release.yml (after edit) contains:
  • A build_and_release job that builds, zips types, creates a GitHub Release and uploads dist/* assets.
  • A publish job that depends on build_and_release and runs npm publish using NODE_AUTH_TOKEN from secrets.NPM_TOKEN.
• Current state in publish job: the Install dependencies (disable husky in CI) step sets HUSKY=0 only for that npm install step, not at the job level.

PENDING:

• Implement the requested change to ensure Husky is disabled consistently:
  • Move or add HUSKY: 0 at the job-level (or workflow-level) env for jobs that run npm scripts (at least build_and_release and publish) so Husky's prepare script cannot run during later build/publish steps.
• Optionally: Adjust setup-node parameters to avoid linter warnings (e.g., use documented keys like node-version rather than node-version-file) — currently static analyzer raised warnings, though they are not necessarily blocking for GitHub Actions runtime.
• Test the workflow on GitHub:
  • Run manual dispatch with a non-empty tag input to confirm publish job triggers.
  • Confirm that with job-level HUSKY=0, no Husky prepare scripts run during subsequent npm steps.
• Optionally: add safeguards to prevent accidental publishes (e.g., ensure version not already published or add a dry-run gate).

CODE STATE:
Files discussed/modified:

• .github/workflows/release.yml (modified)

Important snippets from the current file (post-edit, showing the key areas):

1. Workflow trigger and inputs

name: Build and Release

on:
  push:
    tags:
      - '*.*.*'
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag name for the release (required for manual dispatch)'
        required: false

2. build_and_release job (high level)

jobs:
  build_and_release:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          cache: 'npm'
      - name: Install dependencies
        run: npm ci
      - name: Build
        run: npm run build
      - name: Build types
        run: npm run build:types || true
      ...
      - name: Create Release and upload dist files (include types.zip when available)
        run: |
          TAG=${{ steps.tag.outputs.tag }}
          gh release create "$TAG" dist/* types.zip --title "$TAG" --notes "Automated release with built assets and typings"

3. publish job (current condition + HUSKY only on install step)

  publish:
    needs: build_and_release
    runs-on: ubuntu-24.04
    if: startsWith(github.ref, 'refs/tags/') || (github.event_name == 'workflow_dispatch' && github.event.inputs.tag != '')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js (for publish)
        uses: actions/setup-node@v4
        with:
          node-version-file: .nvmrc
          cache: npm
          regist...

</details>



<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for you](https://github.com/AR-js-org/arjs-plugin-artoolkit/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.