actions/.github/workflows/release.yaml

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json

name: Build & Lint & Test & Release

# Required permission on the caller workflow
# permissions:
#   contents: write

on:
  workflow_call:
    inputs:
      node-version:
        description: 'Node.js version'
        required: true
        default: 'lts/*'
        type: string
    secrets:
      RELEASER_ACCOUNT_TOKEN:
        required: true
        description: 'GitHub token for the releaser account'
      GPG_KEY_ID:
        required: true
        description: 'GPG key ID'
      GPG_PRIVATE_KEY:
        required: true
        description: 'GPG private key'

jobs:
  main:
    name: Build & Lint & Test & Release
    runs-on: ubuntu-latest

    steps:
      - name: ⤵️ Checkout repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
          token: ${{ secrets.RELEASER_ACCOUNT_TOKEN }}

      - name: 🙂‍↔️ Import GPG key
        run: |
          echo "${{ env.GPG_PRIVATE_KEY }}" | gpg --batch --import
          echo -e "5\ny\n" | gpg --batch --yes --command-fd 0 --edit-key ${{ secrets.GPG_KEY_ID }} trust quit
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY}}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}

      - name: 🫡 Setup Git
        run: |
          git config --global user.name "Nexim Bot"
          git config --global user.email "bot@thenexim.com"
          git config --global user.signingkey ${{ secrets.GPG_KEY_ID }}
          git config --global commit.gpgsign true
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}

      - name: 🔧 Setup Node.js
        uses: actions/setup-node@v5
        with:
          node-version: ${{ inputs.node-version }}

      - name: 🛠️ Setup Node.js Corepack
        run: corepack enable

      - name: 📦 Get Yarn Config
        id: yarn_config
        run: echo "cache_folder=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT

      - name: 🗄️ Cache Layer
        uses: actions/cache@v4
        with:
          path: ${{ steps.yarn_config.outputs.cache_folder }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: 📥 Install Dependencies
        run: yarn install --immutable

      - name: 🏗️ Build
        run: yarn build
        env:
          WIREIT_LOGGER: metrics

      - name: 🧹 Run ESLint
        run: yarn lint
        env:
          WIREIT_LOGGER: metrics

      - name: 🧪 Run Tests
        run: yarn test
        env:
          WIREIT_LOGGER: metrics

      - name: 🤖 Get Release
        run: yarn lerna version --yes
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASER_ACCOUNT_TOKEN }}
          WIREIT_LOGGER: metrics