From 78e0d7e700351bdd37fdcde25bd4281f58193c45 Mon Sep 17 00:00:00 2001
From: Frederik Zorn <fz@zorrn.net>
Date: Sat, 9 Mar 2024 15:27:59 +0000
Subject: [PATCH] feat(gh-actions): automatic linting and publishing

---
 .github/dependabot.yml        | 16 ++++++++
 .github/workflows/publish.yml | 71 +++++++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..97720e7
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for more information:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+# https://containers.dev/guide/dependabot
+
+version: 2
+updates:
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+      interval: weekly
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..4240134
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,71 @@
+name: Lint and publish to npmjs
+
+on:
+  push:
+    # no run on dependabot branches
+    branches:
+      - "**"
+      - "!dependabot/**"
+    # publish on tags
+    tags:
+      - "v**"
+  pull_request:
+  workflow_dispatch:
+
+env:
+  # tool versions
+  BUN_VERSION: 1.0.30 # used for linting
+  NODE_LTS_VERSION: 20 # used for publishing
+
+permissions:
+  # npm provenance: mint an ID-token
+  id-token: write
+
+jobs:
+  lint:
+    name: Lint (Xo and Prettier)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+
+      - name: Set up Bun.sh
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: ${{ env.BUN_VERSION }}
+
+      - name: Install dependencies (no change to bun.lockb)
+        run: bun install --frozen-lockfile
+
+      - name: Lint
+        run: bun run lint
+
+  publish:
+    name: Publish on npmjs
+    if: github.repository == 'z0rrn/hugo-install' && startsWith(github.ref, 'refs/tags/')
+    needs: [lint]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+
+      - name: Set up Bun.sh
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: ${{ env.BUN_VERSION }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ env.NODE_LTS_VERSION }}
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Install dependencies (no change to bun.lockb)
+        run: bun install --frozen-lockfile
+
+      - name: Publish on npm
+        run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}