name: 📦 Publish

# Dependencies:

# - SocketDev/socket-registry/.github/workflows/provenance.yml

on:

workflow_dispatch:

inputs:

debug:

description: 'Enable debug output'

required: false

default: '0'

type: string

options:

- '0'

- '1'

publish-without-sfw:

description: 'Publish directly to npm, bypassing Socket firewall shims'

required: false

default: false

type: boolean

permissions:

contents: write # Push git tags and create GitHub releases

id-token: write # NPM trusted publishing via OIDC

jobs:

publish:

uses: SocketDev/socket-registry/.github/workflows/provenance.yml@3362af95fadd1e325cb48e9ad6daff21c112bd72 # main

with:

debug: ${{ inputs.debug }}

package-name: '@socketsecurity/lib'

publish-without-sfw: ${{ inputs.publish-without-sfw }}

setup-script: 'pnpm run build'

use-trusted-publishing: true

secrets:

SOCKET_API_KEY: ${{ secrets.SOCKET_API_KEY }}