name: Publish

on:
  release:
    types:
      - published

permissions:
  id-token: write  # Required for OIDC / npmjs publish
  contents: write
  pull-requests: write

jobs:
  publish:
    name: Publish to npm
    if: ${{ github.repository_owner == 'accordproject' }}
    runs-on: ubuntu-latest
    environment: production

    steps:
      - name: git checkout
        uses: actions/checkout@v2

      - name: Use Node.js 20.x
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          registry-url: 'https://registry.npmjs.org'

      # Ensure npm 11.5.1 or later for trusted publishing
      - run: npm install -g npm@latest

      - run: npm ci
      - run: npm run build --if-present

      - name: tag
        id: tag
        run: |
          node ./scripts/tag.js ${{ github.event.release.tag_name }}

      - name: build and publish
        run: |
          npm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}
          npm version --no-git-tag-version --yes --exact ${{ github.event.release.tag_name }}
          npm publish --access public ${{ steps.tag.outputs.tag }} 2>&1

      - name: Create PR to increment version
        uses: peter-evans/create-pull-request@v8
        with:
          base: main
          commit-message: 'chore(actions): publish ${{ github.event.release.tag_name }} to npm'
          committer: GitHub <noreply@github.com>
          author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
          signoff: true
          branch: ap-publish-${{ github.event.release.tag_name }}
          delete-branch: true
          title: 'chore(actions): publish ${{ github.event.release.tag_name }} to npm'
          body: |
            # Increment Versions
            Update the package.json version numbers after publishing to NPM.
          assignees: ${{ github.actor }}
          reviewers: ${{ github.actor }}
          draft: false