ci: move "NPM Publish (Dry Run)" to Github Actions

Author: Saadnajmi

.ado/apple-pr.yml

@@ -27,8 +27,6 @@ stages:
     jobs:
       - template: /.ado/jobs/test-javascript.yml@self
 
-      - template: /.ado/jobs/npm-publish-dry-run.yml@self
-
   # - stage: Integration
   #   dependsOn: []
   #   jobs:

.github/workflows/microsoft-npm-publish-dry-run.yml

@@ -0,0 +1,39 @@
+name: NPM Publish Dry Run
+
+on:
+  pull_request:
+    branches:
+      - main
+      - '*-stable'
+    paths-ignore:
+      - '*.md'
+
+jobs:
+  npm-publish-dry-run:
+    name: "NPM Publish (Dry Run)"
+    runs-on: ubuntu-24.04
+    env:
+      PUBLISH_TAG: 'latest'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          filter: blob:none
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+      - name: Configure git
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "React-Native Bot"
+          git remote set-url origin https://rnbot:${{ secrets.GITHUB_TOKEN }}@github.com/microsoft/react-native-macos
+      - name: Install dependencies
+        run: yarn
+      - name: Verify release config
+        run: |
+          node .ado/scripts/prepublish-check.mjs --verbose --tag ${{ env.PUBLISH_TAG }}
+
+      - name: Version and publish packages (dry run)
+        run: |
+          echo "Target branch: ${{ github.base_ref }}"
+          yarn nx release --dry-run --verbose

.github/workflows/microsoft-pr.yml

@@ -0,0 +1,60 @@
+name: PR
+
+on:
+  pull_request:
+    types: [opened, synchronize, edited]
+    branches: [ "main", "*-stable", "release/*" ]
+
+concurrency:
+  # Ensure single build of a pull request. `main` should not be affected.
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  lint-commit:
+    name: "Lint PR title"
+    permissions: {}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          filter: blob:none
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+      # We lint the PR title instead of the commit message to avoid script injection attacks.
+      # Using environment variables prevents potential security vulnerabilities as described in:
+      # https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#example-of-a-script-injection-attack
+      - name: Lint PR title
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          echo "$PR_TITLE" | npx @rnx-kit/[email protected]
+  npm-publish-dry-run:
+    name: "NPM Publish (Dry Run)"
+    runs-on: ubuntu-24.04
+    env:
+      PUBLISH_TAG: 'latest'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          filter: blob:none
+          fetch-depth: 0
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+      - name: Configure git
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "React-Native Bot"
+          git remote set-url origin https://rnbot:${{ secrets.GITHUB_TOKEN }}@github.com/microsoft/react-native-macos
+      - name: Install dependencies
+        run: yarn
+      - name: Verify release config
+        run: |
+          node .ado/scripts/prepublish-check.mjs --verbose --tag ${{ env.PUBLISH_TAG }}
+      - name: Version and publish packages (dry run)
+        run: |
+          echo "Target branch: ${{ github.base_ref }}"
+          yarn nx release --dry-run --verbose

.github/workflows/npm-publish-dry-run.yml

@@ -0,0 +1,6 @@
+---
+react-native-macos: patch
+'@react-native-mac/virtualized-lists': patch
+---
+
+new patch release