name: Node.js Package
on: [push]

# id-token: write must be granted here so the reusable npmpublish workflow
# can request an OIDC token for npm trusted publishing.
permissions:
  contents: write
  id-token: write

jobs:
  backend:
    uses: ./.github/workflows/backend-tests.yml
    secrets: inherit
  frontend:
    uses: ./.github/workflows/frontend-tests.yml
    secrets: inherit
  release:
    if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }}
    needs:
      - backend
      - frontend
    permissions:
      contents: write   # for the version bump push
      id-token: write   # for npm OIDC trusted publishing
    uses: ./.github/workflows/npmpublish.yml
    secrets: inherit