learning_ai_common_plat/.gitea/workflows/publish-packages.yml

name: Publish @bytelyst/* packages

on:
  workflow_dispatch:
  push:
    branches: [main]

concurrency:
  group: publish-${{ github.ref }}
  cancel-in-progress: false

defaults:
  run:
    shell: bash

jobs:
  publish:
    runs-on: [ubuntu-latest, bytelyst, hostinger]
    container:
      image: node:20-bookworm@sha256:8f693eaa7e0a8e71560c9a82b55fd54c2ae920a2ba5d2cde28bac7d1c01c9ba5
      options: --network host -v /home/gitea-runner/.gitea_publish_npmrc:/run/secrets/gitea_publish_npmrc:ro
    env:
      # Gitea 1.22 does not support workflow_dispatch inputs, so the
      # push/manual default remains the narrow, safe publish path.
      PACKAGE_FILTER: '@bytelyst/errors'
      DRY_RUN: 'false'

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          github-server-url: https://gitea.bytelyst.com

      - name: Print build context
        run: |
          echo "Ref:     ${{ github.ref }}"
          echo "RefName: ${{ github.ref_name }}"
          echo "Commit:  ${{ github.sha }}"
          echo "Runner:  $(hostname)"
          echo "Package filter: $PACKAGE_FILTER"
          echo "Dry run: $DRY_RUN"
          grep '^PRETTY_NAME=' /etc/os-release || true
          node --version
          npm --version          

      - name: Install pinned pnpm
        run: |
          npm install -g pnpm@10.6.5
          pnpm --version          

      - name: Configure publish registry
        run: |
          cp /run/secrets/gitea_publish_npmrc /tmp/publish.npmrc
          chmod 600 /tmp/publish.npmrc
          echo "Configured registry:"
          sed -E 's#(_auth(Token)?=).*#\1***#; s#(//[^[:space:]]+:)_authToken=.*#\1_authToken=***#' /tmp/publish.npmrc
          npm whoami --userconfig /tmp/publish.npmrc --registry https://gitea.bytelyst.com/api/packages/learning_ai_user/npm/          

      - name: Install workspace deps
        run: HUSKY=0 pnpm install --frozen-lockfile

      - name: Discover, build, test, pack, publish, and verify queued packages
        run: scripts/gitea/ci-publish-packages.sh

      - name: Compute tarball SHA512 manifest
        run: |
          set -euo pipefail
          cd /tmp/tarballs
          if ls *.tgz >/dev/null 2>&1; then
            sha512sum *.tgz > manifest.sha512
            cat manifest.sha512
          else
            echo "No tarballs produced" > manifest.sha512
            cat manifest.sha512
          fi