# Workflow that builds the package and publishes it to the npm registry.
name: NPM Package Publish

# Triggers: every push to main, every newly created release, and manual runs
# started from the Actions UI or API.
on:
  push:
    branches:
      - main
  release:
    types:
      - created
  workflow_dispatch:

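jobs:
  # Build, verify and publish the package, skipping the publish when the
  # version in package.json already exists on the registry.
  publish-npm:
    runs-on: ubuntu-latest
    permissions:
      # Read-only repository access: the job never pushes commits or tags.
      contents: read
      # Lets the job request an OIDC token, which `npm publish --provenance`
      # uses to sign the provenance attestation. Any step in this job can
      # request that token, so every step below is part of the trust boundary.
      id-token: write
    steps:
      # NOTE(review): the actions below are referenced by mutable tags (v4, v2).
      # Pinning each one to a full commit SHA keeps a retagged release from
      # changing what runs in a job that can publish.
      - uses: actions/checkout@v4
        with:
          # Nothing later in the job pushes to the repository, so do not leave
          # the GITHUB_TOKEN in .git/config where install/build scripts and
          # third-party tools could read it.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          # Quoted so the version is always passed as a string.
          node-version: '22'
          registry-url: 'https://registry.npmjs.org/'
      - uses: oven-sh/setup-bun@v2
      # NOTE(review): consider `bun install --frozen-lockfile` if a lockfile is
      # committed, so the published build uses exactly the reviewed dependency
      # set instead of whatever resolves at run time.
      - run: bun install
      - run: bun run build
      # NOTE(review): `@latest` is resolved at run time, so a new kksh release
      # executes here unreviewed, after the build and before the publish.
      # Pin this to an exact, vetted version.
      - run: bunx kksh@latest verify --publish
      # Succeeds only when `npm view` finds name@version on the registry.
      # continue-on-error keeps the job going on failure. Note that ANY failure
      # (not found, network error, missing jq) counts as "not published"; the
      # registry's refusal to overwrite an existing version is the final guard.
      - name: Check if version is already published
        id: check_version
        continue-on-error: true
        run: |
          PACKAGE_VERSION=$(node -p "require('./package.json').version")
          PACKAGE_NAME=$(jq -r '.name' package.json)
          npm view "${PACKAGE_NAME}@${PACKAGE_VERSION}"
      - name: Publish
        # `outcome` is the step result before continue-on-error is applied, so
        # this runs only when the lookup above did not succeed.
        if: steps.check_version.outcome != 'success'
        run: npm publish --provenance --access public
        env:
          # Keep the token scoped to this step so the install, build and
          # verify steps above never have it in their environment.
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}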