name: Build & Publish NPM Package

on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      version:
        description: "Version to publish"
        required: true
        # Default to truncated commit hash
        default: "0.0.0"
      tag:
        description: "Tag to publish"
        required: true
        default: "latest"

permissions:
  contents: read
  # For provenance generation
  id-token: write

jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
    environment: NPM Deploy
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - uses: oven-sh/setup-bun@v1

      - name: Create bunfig.toml with NPM token (GitHub Secrets)
        run: echo -e "[install]\nregistry = { url = \"https://registry.npmjs.org/\", token = \"${{ secrets.NPM_TOKEN }}\" }" > bunfig.toml

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Build
        run: bun run build

      - name: Change version in package.json to ${{ github.event.inputs.version }}, defaulting to the truncated commit hash
        run: 'sed -i ''s/"version": ".*"/"version": "${{ github.event.inputs.version }}"/'' package.json federation/package.json federation/jsr.jsonc'

      - name: Publish to NPM
        run: bunx @morlay/bunpublish --provenance --tag ${{ github.event.inputs.tag }}

      - name: Publish to JSR
        run: cd federation && bunx jsr publish --allow-slow-types