name: Publish packages

on:
  push:
    branches:
      - main

permissions:
  contents: read

env:
  # Among other things, opts out of telemetry
  # See https://consoledonottrack.com/
  DO_NOT_TRACK: "1"

jobs:
  publish:
    permissions:
      contents: write
      id-token: write
      pull-requests: write
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install package manager
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # 4.2.0
        with:
          version: 10.24.0

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          cache: "pnpm"
          node-version: current
          registry-url: "https://registry.npmjs.org"

      - name: Install dependencies
        shell: bash
        run: pnpm install

      - name: Create Changesets Pull Request or Publish to NPM
        uses: changesets/action@e0145edc7d9d8679003495b11f87bd8ef63c0cba # v1.5.3
        with:
          publish: pnpm changeset publish
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Use OIDC for npm authentication instead of NPM_TOKEN
          NPM_TOKEN: "" # https://github.com/changesets/changesets/issues/1152#issuecomment-3190884868

