ci.yml

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
    types: [opened, synchronize, reopened, labeled]
  pull_request_review:
    types: [submitted]

name: CI

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read # to fetch code (actions/checkout)
  packages: write # to publish packages (npm publish)

jobs:
  ci-setup:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-bun
      - uses: ./.github/actions/build
      - uses: ./.github/actions/prevent-uncommit-changes
      - run: bun test
      - run: bun run lint

  ci-canary-release:
    runs-on: ubuntu-latest
    needs: [ci-setup]
    permissions:
      contents: read # to fetch code (actions/checkout)
      packages: write # to publish packages (npm publish)
      id-token: write # The OIDC ID token is used for authentication with JSR.
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/setup-bun
      - uses: actions/setup-node@v4
        with:
          registry-url: "https://npm.pkg.github.com"
      - uses: ./.github/actions/cache
        with:
          scope: build
      - run: npm version prerelease --preid=canary.$(git rev-parse --short HEAD) --no-git-tag-version
      - run: npm publish --tag canary
        env:
          NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
      - run: bun run ./scripts/prerelease.ts
      - run: cat jsr.json
      - run: bunx jsr publish --allow-dirty