.github/workflows/publish.yml

name: Publish
on:
  workflow_dispatch:
  schedule:
    - cron: '0 8 * * *'
  release:
    types: [published]

jobs:
  publish-mcp-canary-npm:
    if: github.event.schedule || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write  # Required for OIDC npm publishing
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v5
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org/
      # Ensure npm 11.5.1 or later is installed (for OIDC npm publishing)
      - name: Update npm
        run: npm install -g npm@latest

      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT

      - name: Get current version
        id: version
        run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT

      - name: Set canary version
        id: canary-version
        run: echo "version=${{ steps.version.outputs.version }}-alpha-${{ steps.date.outputs.date }}" >> $GITHUB_OUTPUT

      - name: Update package.json version
        run: |
          npm version ${{ steps.canary-version.outputs.version }} --no-git-tag-version
        working-directory: ./packages/playwright-mcp

      - run: npm ci
      - run: npx playwright install --with-deps
      - run: npm run lint
      - run: npm run ctest
        working-directory: ./packages/playwright-mcp

      - name: Publish to npm with next tag
        run: npm publish --tag next
        working-directory: ./packages/playwright-mcp

  publish-mcp-release-npm:
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write  # Required for OIDC npm publishing
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v5
        with:
          node-version: 20
          registry-url: https://registry.npmjs.org/
      # Ensure npm 11.5.1 or later is installed (for OIDC npm publishing)
      - name: Update npm
        run: npm install -g npm@latest
      - run: npm ci
      - run: npx playwright install --with-deps
      - run: npm run lint
      - run: npm run ctest
        working-directory: ./packages/playwright-mcp
      - run: npm publish
        working-directory: ./packages/playwright-mcp

  publish-mcp-release-docker:
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write # Needed for OIDC login to Azure
    environment: allow-publishing-docker-to-acr
    steps:
      - uses: actions/checkout@v5
      - name: Set up QEMU # Needed for multi-platform builds (e.g., arm64 on amd64 runner)
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx # Needed for multi-platform builds
        uses: docker/setup-buildx-action@v3
      - name: Azure Login via OIDC
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_DOCKER_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_DOCKER_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_DOCKER_SUBSCRIPTION_ID }}
      - name: Login to ACR
        run: az acr login --name playwright
      - name: Build and push Docker image
        id: build-push
        uses: docker/build-push-action@v6
        with:
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            playwright.azurecr.io/public/playwright/mcp:${{ github.event.release.tag_name }}
            playwright.azurecr.io/public/playwright/mcp:latest
      - uses: oras-project/setup-oras@v1
      - name: Set oras tags
        run: |
          attach_eol_manifest() {
            local image="$1"
            local today=$(date -u +'%Y-%m-%d')
            # oras is re-using Docker credentials, so we don't need to login.
            # Following the advice in https://portal.microsofticm.com/imp/v3/incidents/incident/476783820/summary
            oras attach --artifact-type application/vnd.microsoft.artifact.lifecycle --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$today" $image
          }
          # for each tag, attach the eol manifest
          for tag in $(echo ${{ steps.build-push.outputs.metadata['image.name'] }} | tr ',' '\n'); do
            attach_eol_manifest $tag
          done

  package-release-extension:
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
      contents: write # Needed to upload release assets
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v5
        with:
          node-version: 20
          cache: 'npm'
      - name: Install extension dependencies
        run: npm ci
      - name: Build extension
        working-directory: ./packages/extension
        run: npm run build
        env:
          SET_EXTENSION_PUBLIC_KEY_IN_MANIFEST: 1
      - name: Get extension version
        id: get-version
        working-directory: ./packages/extension
        run: echo "version=$(node -p "require('./package.json').version")" >> $GITHUB_OUTPUT
      - name: Package extension
        working-directory: ./packages/extension
        run: |
          cd dist
          zip -r ../playwright-mcp-extension-${{ steps.get-version.outputs.version }}.zip .
          cd ..
      - name: Upload extension to release
        env:
           GITHUB_TOKEN: ${{ github.token }}
        run: |
            gh release upload ${{github.event.release.tag_name}} ./packages/extension/playwright-mcp-extension-${{ steps.get-version.outputs.version }}.zip