name: Manual NPM Publish

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version to publish (e.g. 0.2.0-dev)"
        required: false
        type: string
      dist_tag:
        description: "npm dist-tag"
        required: false
        default: dev
        type: string
  workflow_call:
    inputs:
      version:
        required: true
        type: string
      dist_tag:
        required: false
        type: string
        default: dev

permissions:
  contents: read
  id-token: write

jobs:
  publish:
    runs-on: ubuntu-latest
    env:
      NODE_VERSION: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          registry-url: https://registry.npmjs.org

      - name: Ensure npm >=11.5.1
        run: npm install -g npm@latest

      - name: Install dependencies
        run: npm ci --workspaces

      - name: Ensure rollup native binary
        run: npm install @rollup/rollup-linux-x64-gnu --no-save

      - name: Build server package (includes UI bundling)
        run: npm run build --workspace @neuralnomads/codenomad

      - name: Set publish metadata
        shell: bash
        run: |
          VERSION_INPUT="${{ inputs.version }}"
          if [ -z "$VERSION_INPUT" ]; then
            VERSION_INPUT=$(node -p "require('./package.json').version")
          fi
          echo "VERSION=$VERSION_INPUT" >> "$GITHUB_ENV"
          echo "DIST_TAG=${{ inputs.dist_tag || 'dev' }}" >> "$GITHUB_ENV"

      - name: Bump package version for publish
        run: npm version ${VERSION} --workspaces --include-workspace-root --no-git-tag-version --allow-same-version

      - name: Publish server package with provenance
        env:
          NPM_CONFIG_PROVENANCE: true
          NPM_CONFIG_REGISTRY: https://registry.npmjs.org
        run: |
          npm publish --workspace @neuralnomads/codenomad --access public --tag ${DIST_TAG} --provenance