name: Publish

on:
  release:
    types: [published]

permissions:
  id-token: write # Required for Trusted Publishing on NPM

jobs:
  build:
    runs-on: ubuntu-24.04

    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v6
        with:
          node-version: "22.x"
          registry-url: "https://registry.npmjs.org"

      # Ensure npm 11.5.1 or later is installed
      - name: Update npm
        run: npm install -g promise-retry npm@latest

      - run: npm ci

      - run: npm publish

      - name: Build and push Docker image
        uses: openzim/docker-publish-action@v10
        with:
          image-name: openzim/phet
          tag-pattern: /^v([0-9.]+)$/
          latest-on-tag: true
          restrict-to: openzim/phet
          registries: ghcr.io
          credentials: |
            GHCRIO_USERNAME=${{ secrets.GHCR_USERNAME }}
            GHCRIO_TOKEN=${{ secrets.GHCR_TOKEN }}
          repo_description: auto
          repo_overview: auto