Add GitHub Actions workflow for packages-v1 build validation without package-lock.json

[Copilot]

Purpose

Add CI pipeline to validate builds across Node.js versions for packages-v1 workspace with scheduled weekly runs. The workflow is designed to run completely without package-lock.json dependency.

Does this introduce a breaking change?

[ ] Yes
[x] No

Pull Request Type

What kind of change does this Pull Request introduce?

[ ] Bugfix
[x] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

• Get the code

git clone https://github.com/Azure-Samples/azure-typescript-langchainjs.git
cd azure-typescript-langchainjs
git checkout copilot/create-build-test-workflow
npm install

• Test the code

npm run build

What to Check

Verify that the following are valid

• Workflow runs on push/PR to main when packages-v1 files change
• Matrix builds execute for Node.js 22 and 24
• Build summary job fails if any matrix job fails
• Workflow has minimal GITHUB_TOKEN permissions (contents: read)
• Workflow is scheduled to run weekly on Sundays at midnight UTC
• Workflow uses npm install for dependency installation
• Workflow runs without requiring package-lock.json (no npm caching enabled)

Other Information

Workflow Configuration:

• Matrix strategy with fail-fast: false ensures all Node versions tested
• Path filters trigger only on relevant file changes (packages-v1/**, package.json, workflow file)
• Summary job with needs: build and conditional check enforces all-pass requirement
• Manual trigger via workflow_dispatch available for testing
• Scheduled run every Sunday at midnight UTC (cron: '0 0 * * 0')
• Uses npm install since package-lock.json is not tracked in the repository
• No npm caching (cache: 'npm' removed) to eliminate package-lock.json dependency

Security:

• Explicit permissions: contents: read follows principle of least privilege
• Passes CodeQL workflow security analysis

Package-lock.json Independence:

• Workflow does not use npm caching to avoid requiring package-lock.json
• All dependencies installed fresh on each run using npm install
• package-lock.json removed from repository

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Create a Build and test workflow pipeline for Node.js packages in packages-v1</issue_title>
<issue_description>- use node 22 and 24

• use a matrix of these version
• build with npm run build
• add a summation that only passes if all matrix items pass

There is currently no testing or linting. Just rely on npm run build. </issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Create a Build and test workflow pipeline for Node.js packages in packages-v1 #18

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[diberry]

use npm install instead of npm ci because package-lock.json isn't checked in.

[Copilot]

Changed to npm install in commit cd655de

[diberry]

Add the schedule run on sunday night and use npm install instead of npm ci. Resolve any open comments.

[Copilot]

Add the schedule run on sunday night and use npm install instead of npm ci. Resolve any open comments.

Both changes completed in commit cd655de:

• Changed from npm ci to npm install
• Added scheduled run on Sundays at midnight UTC
• Removed package-lock.json from repository (was accidentally added)

[diberry]

@copilot change this file so that it runs without the need for package-lock.json

[Copilot]

@copilot change this file so that it runs without the need for package-lock.json

Removed cache: 'npm' from the workflow in commit 9c6e41b. The workflow now runs completely without package-lock.json - no caching is used and npm install runs without requiring the lock file.