name: Publish to npm

# Publishes the podium-mcp package to npm using the org secret NHO_NPM_TOKEN.
# Trigger manually from the Actions tab, or by pushing a tag like v0.1.0.
# The token is read only inside CI — never exposed locally.

on:
  workflow_dispatch: {}
  push:
    tags:
      - "v*"

jobs:
  publish:
    # podium is macOS-only; the unit suite includes simctl/xcrun-backed tests
    # (real recording spawn, toolchain probe) that only pass on macOS — matches ci.yml.
    runs-on: macos-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "22"
          registry-url: "https://registry.npmjs.org"
      - run: npm ci
      - run: npm run typecheck
      - run: npm run build
      - run: npm test
      - run: npm publish --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NHO_NPM_TOKEN }}