name: Release

on:
  push:
    tags:
      - "v*"

permissions: {}

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          persist-credentials: false

      - uses: pnpm/action-setup@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: "https://registry.npmjs.org"

      - run: pnpm install

      - run: npx changelogithub
        continue-on-error: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Build
        run: pnpm turbo build --filter=./packages/*

      - name: Determine npm tag
        id: npm_tag
        shell: bash
        run: |
          TAG="${GITHUB_REF#refs/tags/}"
          if [[ "$TAG" =~ -(alpha|beta|next|rc|canary) ]]; then
            NPM_TAG="${BASH_REMATCH[1]}"
          else
            git fetch origin main
            if git merge-base --is-ancestor "$GITHUB_SHA" origin/main; then
              NPM_TAG="latest"
            else
              echo "::error::Stable releases must be on the main branch."
              exit 1
            fi
          fi
          echo "tag=$NPM_TAG" >> "$GITHUB_OUTPUT"
          echo "Publishing with npm tag: $NPM_TAG"

      - name: Publish to npm
        run: pnpm -r publish --access public --no-git-checks --tag "${{ steps.npm_tag.outputs.tag }}"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_CONFIG_PROVENANCE: true