name: Release Insiders

on:
  push:
    branches: [main]

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

permissions:
  contents: read
  # https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
  id-token: write

jobs:
  build:
    runs-on: ubuntu-latest

    strategy:
      matrix:
        node-version: [20]

    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          registry-url: 'https://registry.npmjs.org'

      - name: Use cached node_modules
        id: cache
        uses: actions/cache@v4
        with:
          path: '**/node_modules'
          key: ${{ runner.os }}-${{ env.NODE_VERSION }}-modules-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            nodeModules-

      - name: Install dependencies
        run: npm ci
        env:
          CI: true

      - name: Test
        run: |
          npm run test || npm run test || npm run test || exit 1
        env:
          CI: true

      - name: Resolve version
        id: vars
        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"

      - name: 'Version based on commit: 0.0.0-insiders.${{ steps.vars.outputs.sha_short }}'
        run: npm version -w packages 0.0.0-insiders.${{ steps.vars.outputs.sha_short }} --force --no-git-tag-version

      - name: Publish
        run: npm publish -w packages --provenance --tag insiders
        env:
          CI: true
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}