# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Publish NPM

# Required permission on the caller workflow
# permissions:
#   contents: read
#   id-token: write

on:
  workflow_call:
    inputs:
      node-version:
        description: 'Node.js version'
        required: true
        default: 'lts/*'
        type: string
      npm-registry-url:
        description: 'NPM registry url'
        required: false
        default: 'https://registry.npmjs.org'
        type: string
    secrets:
      NPM_TOKEN:
        required: true
        description: 'NPM token'

jobs:
  main:
    if: github.repository_owner == 'the-nexim'

    name: Publish NPM
    runs-on: blacksmith-2vcpu-ubuntu-2404

    steps:
      - name: 📥 Checkout repository
        uses: actions/checkout@v5

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: ${{ inputs.node-version }}
          registry-url: ${{ inputs.npm-registry-url }}

      - name: 🛠️ Setup Node.js Corepack
        run: corepack enable

      - name: 📦 Get Yarn Config
        id: yarn_config
        run: echo "cache_folder=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT

      - name: 🗄️ Cache Layer
        uses: actions/cache@v4
        with:
          path: ${{ steps.yarn_config.outputs.cache_folder }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: 📥 Install Dependencies
        run: yarn install --immutable

      - name: 🏗️ Build
        run: yarn build
        env:
          WIREIT_LOGGER: metrics
          NODE_ENV: production

      - name: 🚀 Publish
        run: yarn run publish -- --yes
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
          NPM_CONFIG_PROVENANCE: true
          WIREIT_LOGGER: metrics