name: "Release"

on:
  push:
    branches: [main]

jobs:
  release:
    runs-on: "ubuntu-latest"
    permissions:
      contents: "write"
      issues: "write"
      pull-requests: "write"
      id-token: "write"
    steps:
      - uses: "actions/checkout@v4.1.7"
        with:
          fetch-depth: 0
          persist-credentials: false

      - name: "Setup Node.js"
        uses: "actions/setup-node@v4.0.3"
        with:
          node-version: "22.x"
          cache: "npm"

      - name: "Install dependencies"
        run: "npm clean-install"

      - name: "Verify the integrity of provenance attestations and registry signatures for installed dependencies"
        run: "npm audit signatures"

      - name: "Release"
        run: "node --run release"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}