name: Build and release

on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize

env:
  environment: test
  release_channel: latest
  DO_NOT_TRACK: "1"
  NODE_VERSION: "23.x"
  NODE_REGISTRY: "https://registry.npmjs.org"
  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
  DOCKER_REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  PNPM_VERSION: 10.17.0

permissions:
  contents: write
  packages: read
  pull-requests: write
  id-token: write
  actions: read
  security-events: write
jobs:
  build:
    uses: ./.github/workflows/job-build.yaml
    name: Build

  update-release-draft:
    needs: build
    if: github.ref == 'refs/heads/main'
    uses: ./.github/workflows/job-draft-release.yaml

  release:
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
      pages: write
    name: Release
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    needs: update-release-draft
    environment: release
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-node@v4
        with:
          node-version: "${{ env.NODE_VERSION }}"
          registry-url: "${{ env.NODE_REGISTRY }}"

      - uses: pnpm/action-setup@v4
        name: Install pnpm
        with:
          version: ${{ env.PNPM_VERSION }}
          run_install: false

      - name: Install dependencies
        run: pnpm install
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

      - uses: actions/download-artifact@v4
        with:
          name: lib
          path: ./

      - name: Publish to npm
        run: |
          git config user.name "Github Actions Bot"
          git config user.email "<>"
          node ./scripts/set-version.mjs $(git describe --tag --abbrev=0)
          pnpm publish -r --no-git-checks --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}