name: npm-push
description: "Publish an NPM package to a registry."
inputs:
  tgz:
    description: "Path to the tarball file to publish."
    required: true
  workingDirectory:
    description: "Working directory for the publish operation."
    required: false
    default: "."
  registry:
    description: "NPM registry URL."
    required: false
    default: ${{ github.server_url }}/api/packages/${{ github.repository_owner }}/npm/
  apiKey:
    description: "NPM authentication token."
    required: true
  nodeVersion:
    description: "Node.js version to use."
    required: false
    default: "20"
  access:
    description: "Package access level: public or restricted."
    required: false
    default: "public"
runs:
  using: "composite"
  steps:
  - name: "Setup Node.js"
    uses: https://github.com/actions/setup-node@v4
    with:
      node-version: ${{ inputs.nodeVersion }}
  - name: "Publish package"
    run: |
      TGZ_PATH="${{ inputs.tgz }}"
      # Trim whitespace
      TGZ_PATH=$(echo "$TGZ_PATH" | xargs)

      # Resolve to absolute path so npm never misinterprets it as a git shorthand
      TGZ_PATH="$(realpath "$TGZ_PATH")"

      # Verify the tarball exists
      if [ ! -f "$TGZ_PATH" ]; then
        echo "Error: Tarball not found at $TGZ_PATH (working directory: $(pwd))"
        exit 1
      fi

      # Configure npm authentication for the registry (scoped to project)
      REGISTRY_PATH=$(echo "${{ inputs.registry }}" | sed -E 's|https?://||')
      npm config set --location=project registry "${{ inputs.registry }}"
      npm config set --location=project "//${REGISTRY_PATH}:_authToken" "${{ inputs.apiKey }}"

      echo "Publishing $TGZ_PATH to ${{ inputs.registry }}"
      npm publish "$TGZ_PATH" --access ${{ inputs.access }}
    working-directory: ${{ inputs.workingDirectory }}
    shell: bash
  - name: "Clean up npm authentication"
    if: always()
    run: |
      # Clean up project .npmrc in case of early exit
      rm -f .npmrc
    working-directory: ${{ inputs.workingDirectory }}
    shell: bash