name: Publish @bytelyst/* packages on: workflow_dispatch: push: branches: [main] concurrency: group: publish-${{ github.ref }} cancel-in-progress: false defaults: run: shell: bash jobs: publish: runs-on: [ubuntu-latest, bytelyst, hostinger] container: image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5 options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro env: # Gitea 1.22 does not support workflow_dispatch inputs, so the # push/manual default remains the narrow, safe publish path. PACKAGE_FILTER: '@bytelyst/errors' DRY_RUN: 'false' steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 github-server-url: https://gitea.bytelyst.com - name: Print build context run: | echo "Ref: ${{ github.ref }}" echo "RefName: ${{ github.ref_name }}" echo "Commit: ${{ github.sha }}" echo "Runner: $(hostname)" echo "Package filter: $PACKAGE_FILTER" echo "Dry run: $DRY_RUN" grep '^PRETTY_NAME=' /etc/os-release || true node --version npm --version - name: Install pinned pnpm run: | npm install -g pnpm@10.6.5 pnpm --version - name: Configure publish registry run: | cp /run/secrets/gitea_publish_npmrc /tmp/publish.npmrc chmod 600 /tmp/publish.npmrc echo "Configured registry:" sed -E 's#(_auth(Token)?=).*#\1***#; s#(//[^[:space:]]+:)_authToken=.*#\1_authToken=***#' /tmp/publish.npmrc npm whoami --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/learning_ai_user/npm/ - name: Install workspace deps run: HUSKY=0 pnpm install --frozen-lockfile - name: Discover, build, test, pack, publish, and verify queued packages run: scripts/gitea/ci-publish-packages.sh - name: Compute tarball SHA512 manifest run: | set -euo pipefail cd /tmp/tarballs if ls *.tgz >/dev/null 2>&1; then sha512sum *.tgz > manifest.sha512 cat manifest.sha512 else echo "No tarballs produced" > manifest.sha512 cat manifest.sha512 fi