refactor: extract NPM publishing to reusable action

sreya · sreya · commit 37ff83b97adb · 2025-11-16T18:12:01.000Z
- Create .github/actions/npm-publish for reusable publish logic
- CI workflow now publishes pre-releases after all checks pass on main
- Publish workflow simplified to just run checks + call action for tags
- Publishing only happens after fmt, lint, typecheck, test, build succeed

Benefits:
- DRY: Single source of truth for version generation and publishing
- Safe: Pre-releases only published after all CI checks pass
- Clear: Separate concerns (CI checks vs publishing)
- Consistent: Same publish logic for both main and tags

Workflows:
- Push to main → CI runs all checks → publishes 'next' tag (if checks pass)
- Push tag → Publish runs all checks → publishes 'latest' tag (if checks pass)
- Pull requests → CI runs all checks → no publishing
diff --git a/.github/actions/npm-publish/action.yml b/.github/actions/npm-publish/action.yml
@@ -0,0 +1,110 @@
+name: Publish to NPM
+description: Publish package to NPM with version generation and idempotent checks
+
+inputs:
+  is-tag:
+    description: 'Whether this is a tag push (true) or main branch push (false)'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Setup Node.js with npm 11+ (for trusted publishing)
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+        registry-url: 'https://registry.npmjs.org'
+
+    - name: Generate unique version from git
+      id: version
+      shell: bash
+      run: |
+        # Get base version from package.json
+        BASE_VERSION=$(jq -r .version package.json)
+
+        # Generate git describe version
+        GIT_DESCRIBE=$(git describe --tags --always --dirty 2>/dev/null || echo "unknown")
+
+        if [[ "${{ inputs.is-tag }}" == "true" ]]; then
+          # For tags, use the base version as-is (stable release)
+          NPM_VERSION="${BASE_VERSION}"
+          NPM_TAG="latest"
+          echo "Publishing stable release: ${NPM_VERSION}"
+        else
+          # For main branch, create a pre-release version using git describe
+          # Format: 0.3.0-next.5.g1a2b3c4 (base-next.commits.hash)
+          GIT_COMMIT=$(git rev-parse --short HEAD)
+          COMMITS_SINCE_TAG=$(git rev-list --count HEAD ^$(git describe --tags --abbrev=0 2>/dev/null || echo HEAD) 2>/dev/null || echo "0")
+          NPM_VERSION="${BASE_VERSION}-next.${COMMITS_SINCE_TAG}.g${GIT_COMMIT}"
+          NPM_TAG="next"
+          echo "Publishing pre-release: ${NPM_VERSION}"
+        fi
+
+        echo "version=${NPM_VERSION}" >> $GITHUB_OUTPUT
+        echo "tag=${NPM_TAG}" >> $GITHUB_OUTPUT
+
+        # Update package.json with the new version
+        node -e "const fs = require('fs'); const pkg = JSON.parse(fs.readFileSync('package.json')); pkg.version = '${NPM_VERSION}'; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');"
+
+        echo "Updated package.json to version ${NPM_VERSION}"
+
+    - name: Validate tag matches package.json version
+      if: inputs.is-tag == 'true'
+      shell: bash
+      run: |
+        # Extract version from package.json
+        PKG_VERSION=$(jq -r .version package.json)
+
+        # Extract version from git tag (strip 'v' prefix)
+        TAG_VERSION=${GITHUB_REF#refs/tags/v}
+
+        echo "Package version: $PKG_VERSION"
+        echo "Tag version: $TAG_VERSION"
+
+        if [ "$PKG_VERSION" != "$TAG_VERSION" ]; then
+          echo "❌ Error: Version mismatch!"
+          echo "   package.json version: $PKG_VERSION"
+          echo "   Git tag version: $TAG_VERSION"
+          echo ""
+          echo "Please ensure the git tag matches the version in package.json"
+          exit 1
+        fi
+
+        echo "✅ Version validation passed: $PKG_VERSION"
+
+    - name: Check if version exists
+      id: check-exists
+      shell: bash
+      run: |
+        PACKAGE_NAME=$(node -p "require('./package.json').name")
+        VERSION="${{ steps.version.outputs.version }}"
+
+        if npm view "${PACKAGE_NAME}@${VERSION}" version &>/dev/null; then
+          echo "exists=true" >> $GITHUB_OUTPUT
+          echo "Version ${VERSION} already exists on npm"
+        else
+          echo "exists=false" >> $GITHUB_OUTPUT
+          echo "Version ${VERSION} does not exist, will publish"
+        fi
+
+    - name: Publish to npm (with OIDC trusted publishing)
+      if: steps.check-exists.outputs.exists == 'false'
+      shell: bash
+      run: npm publish --tag ${{ steps.version.outputs.tag }} --provenance --access public
+
+    - name: Update dist-tag (version already exists)
+      if: steps.check-exists.outputs.exists == 'true' && inputs.is-tag == 'true'
+      shell: bash
+      run: |
+        PACKAGE_NAME=$(node -p "require('./package.json').name")
+        VERSION="${{ steps.version.outputs.version }}"
+        TAG="${{ steps.version.outputs.tag }}"
+
+        echo "Version ${VERSION} already published, updating dist-tag to ${TAG}"
+        npm dist-tag add "${PACKAGE_NAME}@${VERSION}" "${TAG}"
+
+    - name: Skip (pre-release already exists)
+      if: steps.check-exists.outputs.exists == 'true' && inputs.is-tag != 'true'
+      shell: bash
+      run: |
+        echo "⏭️ Pre-release version already exists, skipping"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -113,3 +113,23 @@ jobs:
 
       - name: Build library
         run: bun run build
+
+  publish:
+    name: publish to npm
+    runs-on: ubuntu-latest
+    # Only publish on main branch pushes after all checks pass
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+    needs: [fmt, lint, typecheck, test, build]
+    permissions:
+      contents: read
+      id-token: write # Required for OIDC trusted publishing
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Required for git describe to find tags
+
+      - name: Publish to NPM
+        uses: ./.github/actions/npm-publish
+        with:
+          is-tag: 'false'
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -2,11 +2,8 @@ name: publish
 
 on:
   push:
-    branches:
-      - main
     tags:
-      - "v*"
-  workflow_dispatch:
+      - 'v*'
 
 permissions:
   contents: read
@@ -17,7 +14,7 @@ jobs:
     name: publish to npm
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
+      - name: Checkout tag
         uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
@@ -34,61 +31,6 @@ jobs:
         with:
           version: 0.15.2
 
-      - name: Generate unique version from git
-        id: version
-        run: |
-          # Get base version from package.json
-          BASE_VERSION=$(jq -r .version package.json)
-
-          # Generate git describe version
-          GIT_DESCRIBE=$(git describe --tags --always --dirty 2>/dev/null || echo "unknown")
-
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            # For tags, use the base version as-is (stable release)
-            NPM_VERSION="${BASE_VERSION}"
-            NPM_TAG="latest"
-            echo "Publishing stable release: ${NPM_VERSION}"
-          else
-            # For main branch, create a pre-release version using git describe
-            # Format: 0.3.0-next.5.g1a2b3c4 (base-next.commits.hash)
-            GIT_COMMIT=$(git rev-parse --short HEAD)
-            COMMITS_SINCE_TAG=$(git rev-list --count HEAD ^$(git describe --tags --abbrev=0 2>/dev/null || echo HEAD) 2>/dev/null || echo "0")
-            NPM_VERSION="${BASE_VERSION}-next.${COMMITS_SINCE_TAG}.g${GIT_COMMIT}"
-            NPM_TAG="next"
-            echo "Publishing pre-release: ${NPM_VERSION}"
-          fi
-
-          echo "version=${NPM_VERSION}" >> $GITHUB_OUTPUT
-          echo "tag=${NPM_TAG}" >> $GITHUB_OUTPUT
-
-          # Update package.json with the new version
-          node -e "const fs = require('fs'); const pkg = JSON.parse(fs.readFileSync('package.json')); pkg.version = '${NPM_VERSION}'; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');"
-
-          echo "Updated package.json to version ${NPM_VERSION}"
-
-      - name: Validate tag matches package.json version
-        if: github.ref_type == 'tag'
-        run: |
-          # Extract version from package.json
-          PKG_VERSION=$(jq -r .version package.json)
-
-          # Extract version from git tag (strip 'v' prefix)
-          TAG_VERSION=${GITHUB_REF#refs/tags/v}
-
-          echo "Package version: $PKG_VERSION"
-          echo "Tag version: $TAG_VERSION"
-
-          if [ "$PKG_VERSION" != "$TAG_VERSION" ]; then
-            echo "❌ Error: Version mismatch!"
-            echo "   package.json version: $PKG_VERSION"
-            echo "   Git tag version: $TAG_VERSION"
-            echo ""
-            echo "Please ensure the git tag matches the version in package.json"
-            exit 1
-          fi
-
-          echo "✅ Version validation passed: $PKG_VERSION"
-
       - name: Build WASM
         run: ./scripts/build-wasm.sh
 
@@ -110,41 +52,7 @@ jobs:
       - name: Build library
         run: bun run build
 
-      - name: Setup Node.js with npm 11+ (for trusted publishing)
-        uses: actions/setup-node@v4
+      - name: Publish to NPM
+        uses: ./.github/actions/npm-publish
         with:
-          node-version: '20'
-          registry-url: 'https://registry.npmjs.org'
-
-      - name: Check if version exists
-        id: check-exists
-        run: |
-          PACKAGE_NAME=$(node -p "require('./package.json').name")
-          VERSION="${{ steps.version.outputs.version }}"
-
-          if npm view "${PACKAGE_NAME}@${VERSION}" version &>/dev/null; then
-            echo "exists=true" >> $GITHUB_OUTPUT
-            echo "Version ${VERSION} already exists on npm"
-          else
-            echo "exists=false" >> $GITHUB_OUTPUT
-            echo "Version ${VERSION} does not exist, will publish"
-          fi
-
-      - name: Publish to npm (with OIDC trusted publishing)
-        if: steps.check-exists.outputs.exists == 'false'
-        run: npm publish --tag ${{ steps.version.outputs.tag }} --provenance --access public
-
-      - name: Update dist-tag (version already exists)
-        if: steps.check-exists.outputs.exists == 'true' && github.ref_type == 'tag'
-        run: |
-          PACKAGE_NAME=$(node -p "require('./package.json').name")
-          VERSION="${{ steps.version.outputs.version }}"
-          TAG="${{ steps.version.outputs.tag }}"
-
-          echo "Version ${VERSION} already published, updating dist-tag to ${TAG}"
-          npm dist-tag add "${PACKAGE_NAME}@${VERSION}" "${TAG}"
-
-      - name: Skip (pre-release already exists)
-        if: steps.check-exists.outputs.exists == 'true' && github.ref_type != 'tag'
-        run: |
-          echo "⏭️ Pre-release version already exists, skipping"
+          is-tag: 'true'
