Netcracker
diff --git a/‎.github/linters/.markdownlint.json‎
Lines changed: 3 additions & 2 deletions b/‎.github/linters/.markdownlint.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 3 deletions b/‎README.md‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎docs/workflows/npm-release.md‎
Lines changed: 173 additions & 0 deletions b/‎docs/workflows/npm-release.md‎
Lines changed: 173 additions & 0 deletions
@@ -7,5 +7,6 @@
   "MD029": { "style": "one" },
   "MD033": { "allowed_elements": ["img", "br", "a", "p"] },
   "MD041": false,
-  "MD046": { "style": "fenced" }
-}
+  "MD046": { "style": "fenced" },
+  "MD060": { "style": "any", "aligned_delimiter": false }
+}
@@ -29,7 +29,6 @@ In this repository in folder [workflow-templates](./workflow-templates/) you can
 |------------------------------|---------------------------------------------------------------------------------------------|-------------------------------------------|---------------|
 | [**Add License Headers**](./docs/workflows/license-header.md) | Checks or adds license header into source code files.<br>Requires a [`.licenserc.yaml`](./config/examples/.licenserc.yaml) config file in the root folder. | On `push` and `workflow_dispatch` events | [license-header.yml](./workflow-templates/license-header.yml) |
 | [**Automatic PR Labeler**](./docs/workflows/automatic-pr-labeler.md)     | Automatically label PRs based on conventional commit messages. <br>Requires a [auto-labeler-config.yaml](./config/examples/auto-labeler-config.yaml) config file in the `.github` folder | On PR events                              | [automatic-pr-labeler.yaml](./workflow-templates/automatic-pr-labeler.yaml) |
-| [**CDXGen**](./docs/workflows/cdxgen.md)                   | Generate SBOM (Software Bill of Materials) and vulnerability scan report                    | On push to main, manual trigger           | [cdxgen.yaml](./workflow-templates/cdxgen.yaml) |
 | [**Check Go Modules Licenses**](./docs/workflows/check-license.md) | Check the licenses of Go modules in the repository using a configurable allowlist. <br>Fails if any module has a disallowed or missing license. <br>Requires a [.wwhrd.yml](./config/examples/.wwhrd.yml) config file in the repository root. | On push | [check-license.yaml](./workflow-templates/check-license.yaml) |
 | [**CLA Assistant**](./docs/workflows/cla.md)            | Check if PR authors have signed the Contributor License Agreement                           | On PR events                              | [cla.yaml](./workflow-templates/cla.yaml) |
 | [**Cleanup Old Docker**](./docs/workflows/cleanup-old-docker-container.md)       | Clean up old Docker container versions in GitHub Packages                                   | Scheduled (cron), manual trigger          | [cleanup-old-docker-container.yaml](./workflow-templates/cleanup-old-docker-container.yaml) |
@@ -39,6 +38,7 @@ In this repository in folder [workflow-templates](./workflow-templates/) you can
 | [**Go Build**](./docs/workflows/go-build.md)                 | Build and test Go projects, upload coverage to SonarCloud                                   | On push to main, on pull request          | [go-build.yaml](./workflow-templates/go-build.yaml) |
 | [**Helm Charts Release**](./docs/workflows/helm-charts-release.md)      | Release Helm charts and Docker images, create GitHub release. <br>Requires a lot of configuration. Please read workflow file comments.<br>Configuration examples:<br>[.github/helm-charts-release-config.yaml](./config/examples/helm-charts-release-config.yaml)<br>[.github/docker-build-config.json](./config/examples/docker-build-config.json)<br>[.github/release-drafter-config.yml](./config/examples/release-drafter-config.yml) | Manual trigger (workflow_dispatch)        | [helm-charts-release.yaml](./workflow-templates/helm-charts-release.yaml) |
 | [**Link Checker**](./docs/workflows/link-checker.md)             | Check Markdown files for broken links using lychee                                          | On push, manual trigger                   | [link-checker.yaml](./workflow-templates/link-checker.yaml) |
+| [**Lint and Test Charts**](./docs/workflows/lint-test-chart.md) | Lint and test Helm Charts | Manual trigger (workflow_dispatch), Pull request (pull_request) | [lint-test-chart.yaml](./workflow-templates/lint-test-chart.yaml) |
 | [**Lint Codebase**](./docs/workflows/super-linter.md)           | Lint codebase using GitHub Super-Linter. Runs multiple linters on changed files for supported languages. <br>See [.github/super-linter.env](.github/super-linter.env) and [.github/linters/](.github/linters/) for configuration. | On push, pull request, manual trigger     | [super-linter.yaml](./workflow-templates/super-linter.yaml) |
 | [**Maven Release v2**](./docs/workflows/maven-release-v2.md)         | Enhanced Maven release with dry-run, Docker build, and GitHub release support. <br>Requires `pom.xml` [configuration](./docs/maven-publish-pom-preparation_doc.md) and [.github/release-drafter-config.yml](./config/examples/release-drafter-config.yml) config file. | Manual trigger (workflow_dispatch)        | [maven-release-v2.yaml](./workflow-templates/maven-release-v2.yaml) |
 | [**Maven Release**](./docs/workflows/maven-release.md)            | Release and upload Java artifacts to Maven Central or GitHub Packages, create GitHub release | Manual trigger (workflow_dispatch)        | [maven-release.yaml](./workflow-templates/maven-release.yaml) |
@@ -47,11 +47,13 @@ In this repository in folder [workflow-templates](./workflow-templates/) you can
 | [**PR Conventional Commits**](./docs/workflows/pr-conventional-commits.md)  | Check if PR commits follow conventional commit messages                                     | On PR events                              | [pr-conventional-commits.yaml](./workflow-templates/pr-conventional-commits.yaml) |
 | [**PR Lint Title**](./docs/workflows/pr-lint-title.md)            | Lint PR titles to ensure they follow conventional commit strategy                           | On PR events                              | [pr-lint-title.yaml](./workflow-templates/pr-lint-title.yaml) |
 | [**Profanity Filter**](./docs/workflows/profanity-filter.md)         | Check PRs, issues, and comments for profanity                                               | On PR/issue/comment events                | [profanity-filter.yaml](./workflow-templates/profanity-filter.yaml) |
-| [**NPM Publish**](./docs/workflows/npm-publish.md)              | Publish npm packages to GitHub Packages or npm registry, supports Lerna monorepos            | Manual trigger (workflow_dispatch)        | [npm-publish.yaml](./workflow-templates/npm-publish.yaml) |
+| [**Publish npm package**](./docs/workflows/npm-publish.md)              | Publish npm packages to GitHub Packages or npm registry, supports Lerna monorepos            | Manual trigger (workflow_dispatch), push        | [npm-publish.yaml](./workflow-templates/npm-publish.yaml) |
+| [**Release npm package**](./docs/workflows/npm-release.md) | Creates GitHub release and, publishes npm packages to GitHub Packages or npm registry, supports Lerna monorepos | Manual trigger (workflow_dispatch) | [npm-release.yaml](./workflow-templates/npm-release.yaml) |
 | [**Python Release**](./docs/workflows/python-release.md)           | Publish Python packages to PyPI and create GitHub release                                   | Manual trigger (workflow_dispatch)        | [python-release.yaml](./workflow-templates/python-release.yaml) |
 | [**Scorecard supply-chain security**](./docs/workflows/ossf-scorecard.md) | Generates and optionaly publishes OSSF scorecard of the repository | On push to `main` and weekly schedule | [ossf-scorecard.yaml](./workflow-templates/ossf-scorecard.yaml) |
 | [**SBOM to Release**](./docs/workflows/sbom-to-release.md)          | Generate SBOM and upload it as a GitHub Release asset                                       | On release, manual trigger                | [sbom-to-release.yaml](./workflow-templates/sbom-to-release.yaml) |
-
+| [**Security Scan Docker Packages**](./docs/workflows/security-scan.md) | The Security Scan workflow performs comprehensive security vulnerability scanning on Docker packages in your repository. | Manual trigger (workflow_dispatch), scheduled runs | [security-scan.yml](./workflow-templates/security-scan.yml) |
+  
 ## References
 
 ### [Qubership Workflow Hub Documentation](https://github.com/netcracker/qubership-workflow-hub)
 
@@ -0,0 +1,173 @@
+# npm Release
+
+## Overview
+
+The npm Release workflow is designed to be triggered manually via `workflow_dispatch` with configurable input parameters. It performs a comprehensive npm package release process including tag validation, testing, Git tag creation, package publishing to npm registry, and GitHub release creation.
+
+## Trigger
+
+This workflow is triggered manually via `workflow_dispatch` with configurable input parameters.
+
+## Workflow Details
+
+### Jobs
+
+#### `check-tag`
+- **Runner**: `ubuntu-latest`
+- **Purpose**: Validates that the release tag does not already exist to prevent duplicate releases
+- **Condition**: Only runs if not in dry-run mode (`!inputs.dry-run`)
+- **Uses**: `netcracker/qubership-workflow-hub/actions/[email protected]`
+
+#### `npm-test`
+- **Runner**: `ubuntu-latest` (via reusable workflow)
+- **Purpose**: Performs a dry-run test of the npm package publishing process
+- **Dependencies**: Requires `check-tag` job completion
+- **Uses**: `Netcracker/qubership-workflow-hub/.github/workflows/[email protected]`
+- **Condition**: Always runs regardless of previous job status
+
+#### `npm-publish`
+- **Runner**: `ubuntu-latest` (via reusable workflow)
+- **Purpose**: Publishes the npm package to the registry
+- **Dependencies**: Requires `npm-test` job completion
+- **Condition**: Only runs if not in dry-run mode (`!inputs.dry-run`)
+- **Uses**: `Netcracker/qubership-workflow-hub/.github/workflows/[email protected]`
+
+#### `tag`
+- **Runner**: `ubuntu-latest` (via reusable workflow)
+- **Purpose**: Creates a Git tag for the release
+- **Dependencies**: Requires `npm-publish` job completion
+- **Condition**: Only runs if not in dry-run mode (`!inputs.dry-run`)
+- **Uses**: `netcracker/qubership-workflow-hub/.github/workflows/[email protected]`
+
+#### `github-release`
+- **Runner**: `ubuntu-latest` (via reusable workflow)
+- **Purpose**: Creates a GitHub release from the Git tag
+- **Dependencies**: Requires `tag` job completion
+- **Condition**: Only runs if not in dry-run mode (`!inputs.dry-run`)
+- **Uses**: `netcracker/qubership-workflow-hub/.github/workflows/[email protected]`
+
+### Workflow Sequence
+
+1. **Tag Validation** → **Package Test** → **Publishing** → **Tag Creation** → **Release Creation**
+
+In dry-run mode:
+- Only tag validation and package test are executed
+- No publishing, tagging, or release creation occurs
+
+## Delegated Tasks
+
+The workflow delegates the actual npm publishing process to the `re-npm-publish.yml` workflow from the `qubership-workflow-hub` repository, which performs:
+
+1. Repository checkout
+2. Node.js environment setup
+3. Dependency installation
+4. Lerna monorepo detection (if applicable)
+5. Dependency updates (if required)
+6. Package version updates in package.json or lerna.json
+7. Project build
+8. Test execution
+9. Changes commit and push
+10. Package publishing to npm registry
+
+## Configuration
+
+### Required Input Parameters
+- `version` (string, required): Release version for npm (e.g., 1.0.0)
+
+### Optional Input Parameters
+- `scope` (string, optional): npm scope for the package (default: `@netcracker`)
+- `node-version` (string, optional): Node.js version to use (default: `22.x`)
+- `registry-url` (string, optional): npm registry URL (default: `https://npm.pkg.github.com`)
+- `update-nc-dependency` (boolean, optional): Update @netcracker dependencies (default: `false`)
+- `dry-run` (boolean, optional): Run in dry-run mode without actual publishing (default: `false`)
+- `npm-dist-tag` (string, optional): npm distribution tag (default: `latest`)
+
+### Permissions
+- `contents: write` - For creating Git tags and GitHub releases
+- `packages: write` - For publishing npm packages to the registry
+
+### Environment Variables
+- `GITHUB_TOKEN` - Used for GitHub API operations and npm authentication
+
+## Prerequisites
+
+Before using this workflow, you need to:
+
+1. **Adjust package.json**
+   - Ensure proper project configuration
+   - Set up scopes and registry information if using scoped packages
+
+2. **Create GitHub release configuration**
+   - Add or configure release drafter configuration file
+   - This is used by the release creation step
+
+3. **Review qubership-workflow-hub documentation**
+   - See: [npm publish reusable workflow](https://github.com/Netcracker/qubership-workflow-hub/blob/main/docs/reusable/npm-publish.md)
+   - Contains detailed npm project publish/release workflow instructions
+
+## Usage
+
+### Production Release
+
+1. Trigger the workflow manually from GitHub Actions
+2. Provide the release version (e.g., 1.0.0)
+3. Configure optional parameters as needed
+4. Leave `dry-run` as `false` (default)
+5. Workflow will:
+   - Validate the tag doesn't exist
+   - Run tests in dry-run mode
+   - Publish the package to npm
+   - Create a Git tag
+   - Create a GitHub release
+
+### Dry-Run Testing
+
+1. Trigger the workflow manually from GitHub Actions
+2. Set `dry-run` to `true`
+3. Provide any desired parameters
+4. Workflow will:
+   - Validate the tag (if specified)
+   - Run tests without publishing
+   - Report results without creating tags or releases
+   - Useful for validating the release process
+
+### Monorepo Projects
+
+For Lerna monorepos:
+
+1. Ensure the project is properly configured as a Lerna monorepo
+2. Set `update-nc-dependency` to `true` if needed to update @netcracker dependencies
+3. The workflow will automatically detect and handle Lerna configuration
+
+## Features
+
+- **Tag validation**: Prevents duplicate releases by checking for existing tags
+- **Dry-run support**: Test the entire release process without publishing
+- **Comprehensive testing**: Runs tests before publishing to ensure quality
+- **Monorepo support**: Automatically detects and handles Lerna monorepos
+- **Scoped packages**: Supports @netcracker scoped packages
+- **Distribution tags**: Allows setting custom npm distribution tags
+- **GitHub integration**: Creates releases automatically after publishing
+- **Manual control**: Manually triggered for precise release management
+- **Dependency management**: Can update @netcracker dependencies during release
+
+## Important Notes
+
+- This workflow is designed for **production releases** and should be triggered manually when ready to publish
+- Version parameter is required for production releases
+- In dry-run mode, no actual publishing, tagging, or release creation occurs
+- Duplicate release prevention is handled by tag validation
+- All operations are logged in the GitHub Actions workflow summary
+
+## Categories
+- Node.js
+- npm
+- Automation
+- Release Management
+
+## Labels
+- npm
+- release
+- node
+- publishing
+- automation