Refactor npm-release workflow to use pnpm correctly

[NodeByteLTD]

Summary

Describe what changed and why.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update
• Chore / maintenance

Testing

List what you ran:

• pnpm lint
• pnpm build
• Relevant tests for changed area

Commands/results:

Paste test output or brief notes here.

Screenshots / Evidence (if applicable)

Add screenshots, recordings, or logs.

Checklist

• I linked related issue(s)
• I updated docs where needed
• I updated changelog for user-facing changes
• I removed secrets from code, logs, and screenshots

Summary by CodeRabbit

• Chores
  • Optimized the release workflow for improved reliability and faster dependency resolution during package publication.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1bba9be8-f336-4496-9c8c-3e40bde095ef

📥 Commits

Reviewing files that changed from the base of the PR and between 4fb4aaf and 94b50c5.

📒 Files selected for processing (1)

• .github/workflows/npm-release.yml

---

Walkthrough

The npm-release workflow's release job is reordered to configure pnpm before Node.js, enable pnpm dependency caching with explicit paths, and limit pnpm install to the SDK workspace with --frozen-lockfile. The publishing step logic remains unchanged.

Changes

npm Release Workflow Reordering

Layer / File(s)	Summary
Setup and Caching Configuration .github/workflows/npm-release.yml	pnpm is configured first, then Node.js 20.x is set up with npm registry authentication and pnpm cache explicitly configured with lockfile dependency path.
SDK-Scoped Dependency Installation .github/workflows/npm-release.yml	pnpm install is filtered to ./packages/sdk... workspace only with --frozen-lockfile to enforce strict lockfile compliance.
SDK Build and Publishing .github/workflows/npm-release.yml	Build runs in packages/sdk and npm publish executes with existing auth and tag flags; behavior unchanged from prior workflow.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• NodeByteLTD/ByteSend#19: Both PRs modify .github/workflows/npm-release.yml and make overlapping changes to the release job—introducing/standardizing a dedicated pnpm install step with --frozen-lockfile and simplifying publish logic.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch develop

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}