name: KTX Release

on:
  workflow_dispatch:
    inputs:
      publish_live:
        description: "Publish @kaelio/ktx to npm instead of running a dry-run"
        required: true
        type: boolean
        default: false

permissions:
  contents: read

concurrency:
  group: ktx-release-${{ github.ref }}
  cancel-in-progress: false

jobs:
  npm-public-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Setup pnpm
        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
        with:
          run_install: false

      - name: Setup Node.js
        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: "24"
          cache: "pnpm"
          cache-dependency-path: "pnpm-lock.yaml"

      - name: Install TypeScript dependencies
        run: pnpm install --frozen-lockfile

      - name: Setup Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.13"

      - name: Setup uv
        uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b # v7.3.0
        with:
          enable-cache: true
          cache-dependency-glob: "uv.lock"

      - name: Install Python dependencies
        run: uv sync --all-packages

      - name: Build and verify artifacts
        run: pnpm run artifacts:check

      - name: Check release readiness
        run: pnpm run release:readiness

      - name: Dry-run npm publish
        if: ${{ !inputs.publish_live }}
        run: pnpm run release:npm-publish

      - name: Publish npm package
        if: ${{ inputs.publish_live }}
        run: pnpm run release:npm-publish -- --publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}