ci.yml

name: CI

on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Bun
        uses: oven-sh/setup-bun@v1

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Build project
        run: bun run build

  publish:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write # Publish GitHub Releases
      issues: write # Comment on issues
      pull-requests: write # Comment on PRs
      id-token: write # OIDC token for npm provenance
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Bun
        uses: oven-sh/setup-bun@v1
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/iron'

      - name: Import GPG
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Build project
        run: bun run build

      # Workaround for verifyConditions step of @semantic-release/npm
      - run: cp ../package.json .
        working-directory: dist

      - name: Release
        run: bunx semantic-release
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GIT_AUTHOR_NAME: ${{ github.actor }}
          GIT_AUTHOR_EMAIL: ${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com
          GIT_COMMITTER_NAME: brewcoua-bot
          GIT_COMMITTER_EMAIL: 151367391+brewcoua-bot@users.noreply.github.com