The previous workflow ran npm publish on every push to master and
gated it via npm view on a stale scoped package name, which made
the check always think the version was unpublished and 403'd
whenever the registry already had it.
Switch the publish job to fire only on push of a v* tag, verify
the tag matches package.json, and use the standard
NODE_AUTH_TOKEN flow via setup-node's registry-url. Tests still
run on master push and PRs.
Release flow: bump version, commit, push master, then
git tag v<version> && git push origin v<version>.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Chris Farhood
719c8b7030