ci: add stub action for canary releases on PRs

Based on https://securitylab.github.com/research/github-actions-preventing-pwn-requests/

Author: IvanGoncharov

.github/workflows/canary.yaml

@@ -0,0 +1,19 @@
+name: Canary Release
+on:
+  workflow_run:
+    workflows:
+      - CI
+    types:
+      - completed
+env:
+  NODE_VERSION_USED_FOR_DEVELOPMENT: 17
+jobs:
+  publish-canary:
+    runs-on: ubuntu-latest
+    name: Publish Canary
+    if: ${{ github.event.workflow_run.event == 'pull_request' }}
+    steps:
+      - name: Dump GitHub context
+        run: echo "$GITHUB_CONTEXT"
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}

.github/workflows/ci.yml

@@ -236,6 +236,34 @@ jobs:
           path: ./npm-dist-diff.html
           if-no-files-found: ignore
 
+  build-npm-package:
+    name: Build artifact with NPM package
+    runs-on: ubuntu-latest
+    needs: [test, fuzz, lint, integrationTests]
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          cache: npm
+          node-version: ${{ env.NODE_VERSION_USED_FOR_DEVELOPMENT }}
+
+      - name: Install Dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Build NPM package
+        run: npm run build:npm
+
+      - name: Upload NPM package
+        uses: actions/upload-artifact@v2
+        with:
+          name: npmDist
+          path: ./npmDist
+
   deploy-to-npm-branch:
     name: Deploy to `npm` branch
     runs-on: ubuntu-latest