ci(mcp): validate package contents and version before npm publish

[dkalinovInfra]

Description

Hardens the npm publish workflow with a pre-publish validation step for the @igniteui/mcp-server package, so broken releases fail in CI before reaching the npm registry instead of being discovered after the fact.

Changes:

1. New scripts/validate-package.ts in the MCP package. Pre-publish sanity checks:

   • SQLite docs DB exists at dist/igniteui-docs.db and is at least 20 MB.
   • Each docs/<framework>-api/ directory (angular, react, webcomponents, blazor) totals at least 300 KB — catches an empty or partially-built docs pipeline.
   • When --expected-version <ver> (or EXPECTED_VERSION env) is passed, the script asserts the release tag matches package.json version, server.json top-level version, and every entry in server.json packages[].version (iterated, not hardcoded to index 0). A leading v is stripped so both v15.2.2 and 15.2.2 tag styles are accepted. If no expected version is supplied (local invocations), the version block is skipped silently.
   • Wired as npm run validate:package in the MCP workspace's package.json.

2. .github/workflows/npm-publish.yml rewritten:

   • The separate validate-mcp job (introduced earlier in this branch) is folded into the existing build job as a new Validate MCP package contents step placed between Build packages and Define npm tag. The release job now runs yarn install and the MCP build once instead of twice, reusing the VERSION already derived from GITHUB_REF.
   • submodules: recursive retained on the build checkout — required because the validator inspects paths populated by submodules.
   • Define npm tag rewritten in multi-line form. The previous one-liner appended both branches' echoes to $GITHUB_ENV via redirection on fi, then echo ${NPM_TAG} ran in the same shell where NPM_TAG was never exported — so the debug echo always printed an empty line. Now the value is held in a local variable, written to $GITHUB_ENV, and echoed from the local variable.

3. Tuning follow-up: the 300 KB framework-dir floor is intentionally lenient — react-api was ~346 KB in the failing CI run, only 15% above the floor. The threshold is set conservatively to avoid false positives on the first release; consider raising it (or making it per-framework) once we have a few green release runs as a baseline.

Related Issue

N/A — internal release-pipeline hardening.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update
• Refactoring / code cleanup
• Build / CI configuration change

Affected Packages

• igniteui-cli (packages/cli)
• @igniteui/cli-core (packages/core)
• @igniteui/angular-templates (packages/igx-templates)
• @igniteui/angular-schematics (packages/ng-schematics)
• @igniteui/mcp-server (packages/igniteui-mcp)

Checklist

• I have tested my changes locally (npm run test)
• I have built the project successfully (npm run build)
• I have run the linter (npm run lint)
• I have added/updated tests as needed
• My changes do not introduce new warnings or errors

Additional Context

Local validator output on a matching version:

OK  ver package.json           15.2.2-alpha.3
OK  ver server.json          15.2.2-alpha.3
OK  ver server.json @igniteui/mcp-server 15.2.2-alpha.3
OK  db  32.97 MB  .../dist/igniteui-docs.db
OK  dir    1.65 MB  angular-api
OK  dir  691.08 KB  react-api
OK  dir    1.15 MB  webcomponents-api
OK  dir    4.54 MB  blazor-api

All checks passed.

On a version mismatch (--expected-version 99.9.9), the script reports each of the three asserted locations separately and exits with code 1:

- package.json version mismatch: got 15.2.2-alpha.3, expected 99.9.9
- server.json version mismatch: got 15.2.2-alpha.3, expected 99.9.9
- server.json @igniteui/mcp-server version mismatch: got 15.2.2-alpha.3, expected 99.9.9

On a CI run with truncated docs (the failure that motivated tightening the directory check to the framework level), the four docs/<framework>-api/ directories totaled 1.10 MB / 346 KB / 1.03 MB / 2.26 MB respectively — all above the 300 KB floor.

[Copilot]

Pull request overview

This PR hardens the npm publish workflow by adding a pre-publish validation step for the @igniteui/mcp-server workspace and bumping package versions to 15.2.2-alpha.3 (and related Angular template/schematics versions).

Changes:

• Add packages/igniteui-mcp/igniteui-doc-mcp/scripts/validate-package.ts and wire it as validate:package.
• Run the new validator in .github/workflows/npm-publish.yml between build and tag selection; improve npm tag env handling.
• Bump versions and internal dependency ranges across CLI/core/templates/schematics/MCP server metadata.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
packages/ng-schematics/package.json	Bumps schematics version and updates internal dependency ranges.
packages/igx-templates/package.json	Bumps templates version and updates @igniteui/cli-core dependency range.
packages/igniteui-mcp/igniteui-doc-mcp/server.json	Updates MCP server metadata versions to 15.2.2-alpha.3.
packages/igniteui-mcp/igniteui-doc-mcp/scripts/validate-package.ts	Adds pre-publish validation (DB/docs size + version consistency checks).
packages/igniteui-mcp/igniteui-doc-mcp/package.json	Bumps MCP package version and adds validate:package script.
packages/core/package.json	Bumps @igniteui/cli-core version.
packages/cli/package.json	Bumps CLI version and updates internal dependency ranges including MCP server.
.github/workflows/npm-publish.yml	Adds MCP package validation step and fixes npm tag env export/debug output.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coveralls]

coverage: 87.455%. remained the same — dkalinov/mcp-package-validation into master