.github/workflows/publish_packages.yaml

name: Publish Packages

on:
  workflow_dispatch:
    inputs:
      branch:
        description: 'Branch to publish packages from'
        required: true
        default: 'master'
      version:
        description: 'Version to publish (major, minor, patch)'
        required: true
        default: 'patch'
        type: choice
        options:
          - 'patch'
          - 'minor'
          - 'major'

# Do not allow concurrent runs
concurrency: ${{ github.workflow }}-${{ github.ref }}

jobs:
  publish:
    name: Publish Packages
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ inputs.branch || 'master' }}

      - name: Get the secrets from GSM
        id: secrets_manager
        uses: toptal/davinci-github-action/gsm-secrets@main
        with:
          workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
          service_account: ${{ secrets.SA_IDENTITY_POOL }}
          secrets_name: |-
            NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH
            TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN

      - name: Parse secrets
        id: parse_secrets
        uses: toptal/davinci-github-actions/expose-json-outputs@main
        with:
          json: ${{ steps.secrets_manager.outputs.secrets }}

      - name: Set ENV Variables
        run: |-
          echo "NPM_TOKEN=${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}" >> $GITHUB_ENV
          echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}" >> $GITHUB_ENV

      - name: Setup Node.js 16.x
        uses: actions/setup-node@v3
        with:
          node-version: 16

        # Add a registry to npm config.
        # 'npm whoami' - is a check of the validity of the NPM token and connection.
      - name: Setup npm
        run: |
          npm set "//registry.npmjs.org/:_authToken=${{ env.NPM_TOKEN }}"
          npm whoami

        # Lerna should be able to make commits and create tags for new versions in repo as a user.
      - name: Configure git user
        run: |
          git config --global user.email "bot@toptal.com"
          git config --global user.name "toptal-bot"

      - name: Install Dependencies
        run: |
          yarn install --frozen-lockfile --non-interactive

      - name: Build Packages
        run: |
          yarn build

      - name: Bump versions
        run: |
          yarn lerna version ${{ inputs.version }} --yes

      - name: Publish packages
        run: |
          yarn lerna publish from-git --yes