web/.github/workflows/release-packages.yml

name: Release Packages

on:
  workflow_dispatch:
    inputs:
      packages:
        description: 'Packages to release (comma-separated, or "all")'
        required: false
        default: "all"
      bump:
        description: "Semver bump (patch | minor | major)"
        required: false
        default: "patch"

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write # we commit the bumped versions back
      id-token: write # required for JSR OIDC
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: latest

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: pnpm
          cache-dependency-path: "**/pnpm-lock.yaml"
          registry-url: "https://registry.npmjs.org"

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Resolve package list
        id: pkgs
        shell: bash
        run: |
          set -euo pipefail
          if [ "${{ github.event.inputs.packages }}" = "all" ] || [ -z "${{ github.event.inputs.packages }}" ]; then
            mapfile -t TARGETS < <(ls -d packages/* | grep -v 'packages/web')
          else
            IFS=',' read -ra TARGETS <<< "${{ github.event.inputs.packages }}"
            TARGETS=("${TARGETS[@]/#/packages/}")
          fi
          printf '%s\n' "${TARGETS[@]}" | paste -sd, - > targets.txt
          echo "list=$(cat targets.txt)" >> "$GITHUB_OUTPUT"
          echo "Targets: $(cat targets.txt)"

      - name: Bump package.json versions (no git tag)
        shell: bash
        run: |
          set -euo pipefail
          BUMP="${{ github.event.inputs.bump }}"
          IFS=',' read -ra TARGETS <<< "${{ steps.pkgs.outputs.list }}"
          for dir in "${TARGETS[@]}"; do
            if [ -f "$dir/package.json" ]; then
              echo "Bumping $dir -> $BUMP"
              (cd "$dir" && npm version "$BUMP" --no-git-tag-version --allow-same-version)
            fi
          done

      - name: Generate jsr.json from package.json (pkg-to-jsr)
        shell: bash
        run: |
          set -euo pipefail
          IFS=',' read -ra TARGETS <<< "${{ steps.pkgs.outputs.list }}"
          for dir in "${TARGETS[@]}"; do
            if [ -f "$dir/package.json" ]; then
              echo "Generating jsr.json for $dir"
              pnpm dlx pkg-to-jsr --root "$dir"
              # # Optional: show result
              # jq -C . "$dir/jsr.json" || cat "$dir/jsr.json"
            fi
          done

      - name: Commit version bumps
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail
          git config user.name  "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add packages/*/package.json packages/*/jsr.json 2>/dev/null || true
          if ! git diff --cached --quiet; then
            git checkout -b version_bump
            git commit -m "chore(release): bump package versions (${{ github.event.inputs.bump }})"
            git push -u origin version_bump
            gh pr create --title "Bump package versions" --body "Bump versions of NPM and JSR packages" --base main --head version_bump
            echo "Pushed to branch version_bump"
          else
            echo "No changes to commit."
          fi

      - name: Build selected packages
        shell: bash
        run: |
          set -euo pipefail
          IFS=',' read -ra TARGETS <<< "${{ steps.pkgs.outputs.list }}"
          for dir in "${TARGETS[@]}"; do
            echo "Building $dir"
            pnpm --filter "./$dir" run build
          done

      - name: Publish to JSR (OIDC)
        shell: bash
        run: |
          set -euo pipefail
          IFS=',' read -ra TARGETS <<< "${{ steps.pkgs.outputs.list }}"
          for dir in "${TARGETS[@]}"; do
            if [ -f "$dir/jsr.json" ]; then
              echo "Publishing $dir to JSR via OIDC…"
              ( cd "$dir"
                [ -d dist ] || pnpm run build
                npx --yes jsr publish
              )
            fi
          done

      - name: Configure npm auth
        run: |
          pnpm config set //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
          pnpm config set registry https://registry.npmjs.org/

      - name: Publish to npm
        shell: bash
        run: |
          set -euo pipefail
          IFS=',' read -ra TARGETS <<< "${{ steps.pkgs.outputs.list }}"
          for dir in "${TARGETS[@]}"; do
            if [ -f "$dir/package.json" ]; then
              echo "Publishing $dir to npm…"
              ( cd "$dir"
                [ -d dist ] || pnpm run build
                npm publish --access public
              )
            fi
          done