From 94c6e914d124f93e3da90adbb7dd26fe6baf812b Mon Sep 17 00:00:00 2001
From: BenKalsky <ben@digitizer.co.il>
Date: Fri, 1 May 2026 18:58:30 +0300
Subject: [PATCH] ci: publish package to GitHub Packages

---
 .github/workflows/publish-github-packages.yml | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 .github/workflows/publish-github-packages.yml

diff --git a/.github/workflows/publish-github-packages.yml b/.github/workflows/publish-github-packages.yml
new file mode 100644
index 0000000..4567edb
--- /dev/null
+++ b/.github/workflows/publish-github-packages.yml
@@ -0,0 +1,87 @@
+name: Publish to GitHub Packages
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: "Run npm publish as a dry run"
+        required: false
+        default: "false"
+        type: choice
+        options:
+          - "false"
+          - "true"
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: publish-github-packages-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10.26.0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+          registry-url: https://npm.pkg.github.com
+
+      - name: Install
+        run: pnpm install --frozen-lockfile
+
+      - name: Typecheck
+        run: pnpm typecheck
+
+      - name: Test
+        run: pnpm test
+
+      - name: Build
+        run: pnpm build
+
+      - name: Pack check
+        run: npm pack --dry-run
+
+      - name: Build GitHub Packages tarball directory
+        run: |
+          set -euo pipefail
+          PACK_JSON=$(npm pack --json --ignore-scripts)
+          PACK_FILE=$(printf '%s' "$PACK_JSON" | node -e "let s=''; process.stdin.on('data', d => s += d); process.stdin.on('end', () => { const start = s.indexOf('['); const p = JSON.parse(s.slice(start)); console.log(p[0].filename); });")
+          rm -rf .publish-ghpkg
+          mkdir .publish-ghpkg
+          tar -xzf "$PACK_FILE" -C .publish-ghpkg --strip-components=1
+          node - <<'NODE'
+          const fs = require('node:fs');
+          const path = '.publish-ghpkg/package.json';
+          const pkg = JSON.parse(fs.readFileSync(path, 'utf8'));
+          pkg.name = '@digitizers/sumit-api';
+          pkg.publishConfig = {
+            registry: 'https://npm.pkg.github.com',
+            access: 'public'
+          };
+          fs.writeFileSync(path, `${JSON.stringify(pkg, null, 2)}\n`);
+          NODE
+
+      - name: Publish scoped package to GitHub Packages
+        working-directory: .publish-ghpkg
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          npm config set @digitizers:registry https://npm.pkg.github.com
+          npm config set //npm.pkg.github.com/:_authToken "${NODE_AUTH_TOKEN}"
+          if [ "${{ inputs.dry_run }}" = "true" ]; then
+            npm publish --registry=https://npm.pkg.github.com --access public --ignore-scripts --dry-run
+          else
+            npm publish --registry=https://npm.pkg.github.com --access public --ignore-scripts
+          fi