name: Publish Packages

on:
  push:
    tags:
      - "cadence-ui-v*"

permissions:
  contents: read
  id-token: write

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10.25.0

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 24
          cache: pnpm
          registry-url: https://registry.npmjs.org
          scope: "@ai-ui"

      - name: Require npm token
        shell: bash
        run: |
          set -euo pipefail

          if [[ -z "${NPM_TOKEN:-}" ]]; then
            echo "::error::NPM_TOKEN secret is required to publish @ai-ui packages."
            exit 1
          fi
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Verify tag matches package version
        shell: bash
        run: |
          set -euo pipefail
          expected_tag="$(node ./scripts/release-metadata.mjs --field tag)"

          if [[ "${expected_tag}" != "${GITHUB_REF_NAME}" ]]; then
            echo "::error::Tag ${GITHUB_REF_NAME} does not match package version tag ${expected_tag}."
            exit 1
          fi

      - name: Run release validation
        run: pnpm release:validate

      - name: Publish packages
        run: pnpm release:publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}