# This is a basic workflow to help you get started with Actions

name: Publish

# Controls when the workflow will run
on:
  pull_request:
    types: [closed]
    branches: ['main']
    paths:
      - '.github/**'
      - 'src/**'
      - 'api/**'
      - 'public/**'
      - 'package.json'
      - 'package-lock.json'
      - 'rollup.config.js'
      - 'tsconfig.json'
      - '.npmrc'
      - '.release-it.json'
      - 'README.md'
      - 'CONTRIBUTING.md'
      - 'CODE_OF_CONDUCT.md'
      - 'SECURITY.md'
      - '.postcssrc.cjs'
      - '.browserlistrc'
  workflow_dispatch:
jobs:
  publish:
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    permissions:
      contents: write # For git operations
      id-token: write # < REQUIRED FOR OIDC

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Checkout all branches and tags
          token: ${{ secrets.GH_TOKEN }}
      - name: Setup Node.js environment
        uses: actions/setup-node@v4
        with:
          node-version: '>=22.8.0'
      - run: npm install -g npm@latest
      - name: Install dependencies
        run: | # Install and link dependencies
          npm ci
          git checkout -- package-lock.json
      - name: 'Release' # Interesting step
        run: |
          git config user.name "${{ github.actor }}"
          git config user.email "${{ github.actor}}@users.noreply.github.com"
          npm run release
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
  notify:
    name: Notify failed build
    needs: publish
    if: failure()
    runs-on: ubuntu-latest
    steps:
      - uses: jayqi/failed-build-issue-action@v1.2
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          label-name: 'problems: build failed'