name: Build & Publish NPM Package

on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
    inputs:
      version:
        description: "Version to publish"
        required: true
        type: string
        # Default to truncated commit hash
        default: "0.0.0"
      tag:
        description: "Tag to publish"
        required: true
        type: string
        default: "latest"
      package:
        description: "Package to publish"
        options:
          - federation
        type: choice
        required: true

permissions:
  contents: read
  # For provenance generation
  id-token: write

jobs:
  # Build job
  build:
    runs-on: ubuntu-latest
    environment: NPM Deploy
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - uses: oven-sh/setup-bun@v1

      - uses: actions/setup-node@v4
        with:
          node-version: "22"

      - name: Create bunfig.toml with NPM token (GitHub Secrets)
        run: echo -e "[install]\nregistry = { url = \"https://registry.npmjs.org/\", token = \"${{ secrets.NPM_TOKEN }}\" }" > bunfig.toml

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Build
        run: bun run build

      - name: Change version in package.json to ${{ github.event.inputs.version }}, defaulting to the truncated commit hash
        run: 'sed -i ''s/"version": ".*"/"version": "${{ github.event.inputs.version }}"/'' package.json ${{ github.event.inputs.package }}/package.json ${{ github.event.inputs.package }}/jsr.jsonc'

      - name: Publish to NPM
        run: npm publish --access public --tag ${{ github.event.inputs.tag }} --registry https://registry.npmjs.org/ --provenance ${{ github.event.inputs.package }}

      - name: Publish to JSR
        run: cd ${{ github.event.inputs.package }} && bunx jsr publish --allow-slow-types --allow-dirty