Publish #14

	name: 📦 Publish

	on:
	workflow_dispatch:
	inputs:
	version-bump:
	description: 'Version bump type'
	required: true
	type: choice
	options:
	- patch
	- minor
	- major
	dist-tag:
	description: 'npm dist-tag (latest, next, beta, canary, backport, etc.)'
	required: false
	default: 'latest'
	type: string
	debug:
	description: 'Enable debug output'
	required: false
	default: '0'
	type: choice
	options:
	- '0'
	- '1'

	permissions:
	contents: write
	id-token: write

	jobs:
	bump-version:
	runs-on: ubuntu-latest
	outputs:
	new-tag: ${{ steps.bump.outputs.new-tag }}
	steps:
	- name: Checkout
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

	- name: Setup Node.js
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
	with:
	node-version: '20'

	- name: Configure Git
	run: \|
	git config user.name "github-actions[bot]"
	git config user.email "github-actions[bot]@users.noreply.github.com"

	- name: Bump version
	id: bump
	run: \|
	npm version ${{ inputs.version-bump }} -m "v%s"
	echo "new-tag=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT"

	- name: Push changes
	run: git push && git push --tags

	publish:
	needs: bump-version
	uses: SocketDev/socket-registry/.github/workflows/provenance.yml@main
	with:
	debug: ${{ inputs.debug }}
	dist-tag: ${{ inputs.dist-tag }}
	package-name: '@socketsecurity/socket-patch'
	publish-script: 'publish:ci'
	ref: ${{ needs.bump-version.outputs.new-tag }}
	setup-script: 'pnpm run build'
	use-trusted-publishing: true

Provide feedback