From 04070f0c2c15db3771635c2fbf30d68085c54040 Mon Sep 17 00:00:00 2001
From: Gavin Uhma <gavinuhma@users.noreply.github.com>
Date: Fri, 13 Jun 2025 18:36:56 -0300
Subject: [PATCH 1/2] Add node-actionlint for workflow linting

---
 .github/workflows/lint-workflows.yml | 21 +++++++++++++++++++++
 .github/workflows/onPushToMain.yml   | 27 ++++++++++++++++++++++++---
 .github/workflows/onRelease.yml      |  3 +--
 README.md                            | 19 +++++++++++++++++++
 package-lock.json                    | 16 ++++++++++++++++
 package.json                         |  6 ++++--
 6 files changed, 85 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/lint-workflows.yml

diff --git a/.github/workflows/lint-workflows.yml b/.github/workflows/lint-workflows.yml
new file mode 100644
index 0000000..8833459
--- /dev/null
+++ b/.github/workflows/lint-workflows.yml
@@ -0,0 +1,21 @@
+name: actionlint
+
+on:
+  # run only when workflow files change
+  pull_request:
+    paths: ['.github/workflows/**']
+  push:
+    branches: [main]
+    paths:   ['.github/workflows/**']
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # installs the actionlint binary and scans .github/workflows
+      - name: Lint GitHub Actions
+        uses: eifinger/actionlint-action@v1
+        # with:
+        #   version: "v1.7.7"   # ⇐ uncomment to pin an exact linter version
diff --git a/.github/workflows/onPushToMain.yml b/.github/workflows/onPushToMain.yml
index 5b52d8b..8d33a40 100644
--- a/.github/workflows/onPushToMain.yml
+++ b/.github/workflows/onPushToMain.yml
@@ -4,6 +4,7 @@ name: version, tag and github release
 on:
   push:
     branches: [main]
+  workflow_dispatch:
 
 jobs:
   release:
@@ -13,14 +14,17 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
+        with:
+          node-version: latest
       - name: Check if version already exists
         id: version-check
         run: |
+          package_name=$(node -p "require('./package.json').name")
           package_version=$(node -p "require('./package.json').version")
-          exists=$(gh api repos/${{ github.repository }}/releases/tags/v$package_version >/dev/null 2>&1 && echo "true" || echo "")
+          gh_exists=$(gh api repos/${{ github.repository }}/releases/tags/v$package_version >/dev/null 2>&1 && echo "true" || echo "")
+          npm_exists=$(npm view "$package_name@$package_version" --json >/dev/null 2>&1 && echo "true" || echo "")
 
-          if [ -n "$exists" ];
-          then
+          if [ -n "$gh_exists" ] || [ -n "$npm_exists" ]; then
             echo "Version v$package_version already exists"
             echo "::warning file=package.json,line=1::Version v$package_version already exists - no release will be created. If you want to create a new release, please update the version in package.json and push again."
             echo "skipped=true" >> $GITHUB_OUTPUT
@@ -56,3 +60,20 @@ jobs:
           commit: ${{ github.ref_name }}
           token: ${{ secrets.GITHUB_TOKEN }}
           skipIfReleaseExists: true
+      - name: Install dependencies
+        if: ${{ steps.version-check.outputs.skipped == 'false' }}
+        run: npm install
+      - name: Build
+        if: ${{ steps.version-check.outputs.skipped == 'false' }}
+        run: npm run build
+      - name: Prepare package
+        if: ${{ steps.version-check.outputs.skipped == 'false' }}
+        run: npm run prepack
+      - name: Publish to npm
+        uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c
+        if: ${{ steps.version-check.outputs.skipped == 'false' }}
+        with:
+          token: ${{ secrets.NPM_TOKEN }}
+      - name: Cleanup package
+        if: ${{ steps.version-check.outputs.skipped == 'false' }}
+        run: npm run postpack
diff --git a/.github/workflows/onRelease.yml b/.github/workflows/onRelease.yml
index 95bd05b..d57ab5f 100644
--- a/.github/workflows/onRelease.yml
+++ b/.github/workflows/onRelease.yml
@@ -1,8 +1,7 @@
 name: publish
 
 on:
-  release:
-    types: [released]
+  workflow_dispatch:
 
 jobs:
   publish:
diff --git a/README.md b/README.md
index 82d2c0d..4bad36c 100644
--- a/README.md
+++ b/README.md
@@ -145,6 +145,25 @@ Run the CLI in development mode:
 ./bin/dev
 ```
 
+## Publishing
+
+Automatic publishing is handled by the `version, tag and github release` workflow. A new npm version is published whenever a version bump is merged into the `main` branch. The workflow can also be triggered manually from the **Actions** tab.
+
+To enable publishing, set the following repository secrets:
+
+- `NPM_TOKEN` – authentication token for npm.
+- `GH_EMAIL` and `GH_USERNAME` – used by the README update step.
+
+Once the secrets are configured, pushing a new version or running the workflow manually will build the project, create a GitHub release and publish the package to npm.
+
+### Linting workflows
+
+Before committing changes to workflows, you can lint them locally:
+
+```sh
+npm run lint:workflows
+```
+
 ## Contributing
 
 Contributions are always welcome! To contribute:
diff --git a/package-lock.json b/package-lock.json
index fc32839..9d82231 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -31,6 +31,7 @@
         "eslint-config-oclif": "^6",
         "eslint-config-prettier": "^10",
         "mocha": "^10",
+        "node-actionlint": "^1.2.2",
         "oclif": "^4",
         "shx": "^0.3.3",
         "ts-node": "^10",
@@ -8374,6 +8375,21 @@
         "tslib": "^2.0.3"
       }
     },
+    "node_modules/node-actionlint": {
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/node-actionlint/-/node-actionlint-1.2.2.tgz",
+      "integrity": "sha512-BUPYscLEoeKiLrWb7uFLsgDECtSgBMFOUTSL2N0EfMaVohty5DnubPDpQJnuVw7Rt11h2s+QIzg9rnNJSUCLmQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@babel/code-frame": "^7.14.5",
+        "chalk": "^4.1.1",
+        "fast-glob": "^3.2.7"
+      },
+      "bin": {
+        "node-actionlint": "bin/node-actionlint.js"
+      }
+    },
     "node_modules/node-releases": {
       "version": "2.0.19",
       "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.19.tgz",
diff --git a/package.json b/package.json
index 3a3bd38..9fed368 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,8 @@
     "oclif": "^4",
     "shx": "^0.3.3",
     "ts-node": "^10",
-    "typescript": "^5"
+    "typescript": "^5",
+    "node-actionlint": "^1.2.2"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -62,7 +63,8 @@
     "prepack": "oclif manifest && oclif readme",
     "test": "mocha --forbid-only \"test/**/*.test.ts\"",
     "coverage": "c8 --reporter=lcov --reporter=text npm test",
-    "version": "oclif readme && git add README.md"
+    "version": "oclif readme && git add README.md",
+    "lint:workflows": "node-actionlint '.github/workflows/**/*.yml'"
   },
   "types": "dist/index.d.ts"
 }

From f3a3196b316480d4ac168d52f9683f718eaa22b6 Mon Sep 17 00:00:00 2001
From: Gavin Uhma <gavinuhma@users.noreply.github.com>
Date: Fri, 13 Jun 2025 18:51:21 -0300
Subject: [PATCH 2/2] Update onPushToMain.yml

---
 .github/workflows/onPushToMain.yml | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/onPushToMain.yml b/.github/workflows/onPushToMain.yml
index 8d33a40..31da1ac 100644
--- a/.github/workflows/onPushToMain.yml
+++ b/.github/workflows/onPushToMain.yml
@@ -18,20 +18,23 @@ jobs:
           node-version: latest
       - name: Check if version already exists
         id: version-check
+        shell: bash
         run: |
-          package_name=$(node -p "require('./package.json').name")
-          package_version=$(node -p "require('./package.json').version")
-          gh_exists=$(gh api repos/${{ github.repository }}/releases/tags/v$package_version >/dev/null 2>&1 && echo "true" || echo "")
-          npm_exists=$(npm view "$package_name@$package_version" --json >/dev/null 2>&1 && echo "true" || echo "")
+          package_name="$(node -p "require('./package.json').name")"
+          package_version="$(node -p "require('./package.json').version")"
 
-          if [ -n "$gh_exists" ] || [ -n "$npm_exists" ]; then
-            echo "Version v$package_version already exists"
-            echo "::warning file=package.json,line=1::Version v$package_version already exists - no release will be created. If you want to create a new release, please update the version in package.json and push again."
-            echo "skipped=true" >> $GITHUB_OUTPUT
+          gh_exists="$(gh api \
+              "repos/${{ github.repository }}/releases/tags/v${package_version}" \
+              >/dev/null 2>&1 && echo 'true' || echo '')"
+
+          npm_exists="$(npm view "${package_name}@${package_version}" --json \
+              >/dev/null 2>&1 && echo 'true' || echo '')"
+
+          if [[ -n "$gh_exists" || -n "$npm_exists" ]]; then
+            echo "::warning file=package.json,line=1::Version v${package_version} already exists—skipping release."
+            echo "skipped=true"  >>"${GITHUB_OUTPUT}"
           else
-            echo "Version v$package_version does not exist. Creating release..."
-            echo "skipped=false" >> $GITHUB_OUTPUT
-            echo "tag=v$package_version" >> $GITHUB_OUTPUT
+            echo "skipped=false" >>"${GITHUB_OUTPUT}"
           fi
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}