name: Preview Releases

on:
  push:
    # `bot/fix-*` branches are pushed by .github/workflows/investigate.yml
    # before the bot asks the reporter to verify a candidate fix. The
    # ask comment includes an `npm i https://pkg.pr.new/emdash@bot/fix-<n>`
    # install URL (the full branch name -- pkg.pr.new resolves branches by
    # their full ref) that only resolves once pkg.pr.new has actually
    # published a preview release on the branch -- hence the explicit
    # branch pattern here.
    branches: [main, "bot/fix-*"]
  pull_request:
    branches: [main]

permissions: {}

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
  publish:
    name: Publish Preview
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6.0.8
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 22
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - run: pnpm build
      # Publish a preview for every public package via globs rather than a
      # hardcoded list. This keeps preview installs self-consistent: when
      # `emdash`'s preview references a sibling like @emdash-cms/registry-client
      # via `workspace:*`, pkg.pr.new can only rewrite that to a matching
      # preview URL if the sibling is published in the same run. Omitting one
      # makes the dep fall back to npm's released version, which breaks when the
      # source has drifted (e.g. a new exports subpath added without a release).
      # pkg.pr.new skips `private: true` packages automatically, so the test
      # fixtures under packages/plugins/* are excluded without enumerating them.
      - run: pnpm exec pkg-pr-new publish --pnpm './packages/*' './packages/plugins/*'
