trezor-suite/.github/workflows/release-connect-npm.yml

name: "[Release] Connect NPM"

on:
  workflow_dispatch:

permissions:
  id-token: write
  contents: read

jobs:
  extract-version:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.set-version.outputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Number of commits to fetch. 0 indicates all history for all branches and tags.
          fetch-depth: 0

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version-file: ".nvmrc"
          registry-url: "https://registry.npmjs.org"

      - name: Extract connect version
        id: set-version
        run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT

  sanity-check-version-match:
    runs-on: ubuntu-latest
    needs: [extract-version]
    steps:
      - uses: actions/checkout@v4

      - name: Check connect version match
        uses: ./.github/actions/check-connect-version-match
        with:
          branch_ref: "${{ github.ref }}"
          extracted_version: "${{ needs.extract-version.outputs.version }}"

  identify-release-packages:
    runs-on: ubuntu-latest
    needs: [extract-version, sanity-check-version-match]
    outputs:
      packagesNeedRelease: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }}
      deploymentType: ${{ steps.determine-deployment-type.outputs.deploymentType }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version-file: ".nvmrc"

      - name: Install dependencies
        run: yarn install

      - name: Get packages that need release
        id: set-packages-need-release
        # We want this job to be successfully complete when "no-packages-to-release" since it means that
        # there are no dependencies to release so we can continue with "deploy-npm-connect"
        run: |
          packages=$(yarn tsx ./scripts/ci/get-connect-dependencies-to-release.ts)
          if [ "$packages" == "[]" ]; then
            echo "packagesNeedRelease=[\"no-packages-to-release\"]" >> $GITHUB_OUTPUT
          else
            echo "packagesNeedRelease=$packages" >> $GITHUB_OUTPUT
          fi

      - name: Determine Deployment Type from version in branch
        id: determine-deployment-type
        run: echo "deploymentType=$(yarn tsx ./scripts/ci/determine-deployment-type.ts ${{ needs.extract-version.outputs.version }})" >> $GITHUB_OUTPUT

      - name: Sanity Check - All Packages Same Deployment Type
        # We do not run this sanity check when no-packages-to-release.
        if: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease != '["no-packages-to-release"]' }}
        env:
          PACKAGES: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }}
          DEPLOYMENT_TYPE: ${{ steps.determine-deployment-type.outputs.deploymentType }}
        run: |
          yarn tsx ./scripts/ci/check-packages-same-deployment-type.ts '${{ env.PACKAGES }}' "${{ env.DEPLOYMENT_TYPE }}"

  deploy-npm-connect-dependencies:
    name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }}
    needs: [extract-version, sanity-check-version-match, identify-release-packages]
    environment: production-connect
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package: ${{ fromJson(needs.identify-release-packages.outputs.packagesNeedRelease) }}
    steps:
      - uses: actions/checkout@v4
        if: matrix.package != 'no-packages-to-release'
        with:
          ref: develop

      - name: Set deployment type
        if: matrix.package != 'no-packages-to-release'
        id: set_deployment_type
        run: |
          if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then
            echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV
          else
            echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV
          fi

      - name: Deploy to NPM ${{ matrix.package }}
        if: matrix.package != 'no-packages-to-release'
        uses: ./.github/actions/release-connect-npm
        with:
          deploymentType: ${{ env.DEPLOYMENT_TYPE }}
          packageName: ${{ matrix.package }}

  deploy-npm-connect:
    name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }}
    # We only deploy connect NPM once dependencies have been deployed successfully.
    needs: [identify-release-packages, deploy-npm-connect-dependencies]
    environment: production-connect
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package: ["connect", "connect-web", "connect-webextension", "connect-mobile"]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: develop

      - name: Set deployment type
        id: set_deployment_type
        run: |
          if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then
            echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV
          else
            echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV
          fi

      - name: Deploy to NPM ${{ matrix.package }}
        uses: ./.github/actions/release-connect-npm
        with:
          deploymentType: ${{ env.DEPLOYMENT_TYPE }}
          packageName: ${{ matrix.package }}