name: Release step 2 - Publish to NPM

on:
  release:
    types: [published]

permissions:
  contents: read
  id-token: write

jobs:
  publish-to-npm:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [24.x]
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event.release.tag_name }}

      - name: Verify release tag
        run: |
          echo "Release tag: ${{ github.event.release.tag_name }}"
          echo "Current ref: $(git describe --tags --exact-match)"

          # Verify we're on the exact tag
          if [[ "$(git describe --tags --exact-match)" != "${{ github.event.release.tag_name }}" ]]; then
            echo "ERROR: Not on the expected tag!"
            exit 1
          fi

          # Verify package.json version matches tag
          package_version="v$(node -p "require('./package.json').version")"
          if [[ "$package_version" != "${{ github.event.release.tag_name }}" ]]; then
            echo "ERROR: Package version ($package_version) doesn't match tag (${{ github.event.release.tag_name }})!"
            exit 1
          fi

          echo "✅ Verified: Building from tag ${{ github.event.release.tag_name }}"

      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v6
        with:
          node-version: ${{ matrix.node-version }}
          cache: "npm"

      - name: Install dependencies
        run: npm ci

      - name: Build Shared UI
        run: npm run build:lib

      - name: Publish package to NPM
        id: npm_publish
        run: npm publish --access public --provenance