Merge pull request #1912 from embroider-build/actions-warnings #33

	# For every push to the master branch, this checks if the release-plan was
	# updated and if it was it will publish stable npm packages based on the
	# release plan

	name: Publish Stable

	on:
	workflow_dispatch:
	push:
	branches:
	- main

	concurrency:
	group: publish-${{ github.head_ref \|\| github.ref }}
	cancel-in-progress: true

	jobs:
	check-plan:
	name: "Check Release Plan"
	runs-on: ubuntu-latest
	outputs:
	command: ${{ steps.check-release.outputs.command }}

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	ref: 'main'
	# This will only cause the `check-plan` job to have a result of `success`
	# when the .release-plan.json file was changed on the last commit. This
	# plus the fact that this action only runs on main will be enough of a guard
	- id: check-release
	run: if git diff --name-only HEAD HEAD~1 \| grep -w -q ".release-plan.json"; then echo "command=release"; fi >> $GITHUB_OUTPUT

	publish:
	name: "NPM Publish"
	runs-on: ubuntu-latest
	needs: check-plan
	if: needs.check-plan.outputs.command == 'release'
	permissions:
	contents: write
	pull-requests: write

	steps:
	- uses: actions/checkout@v4
	- uses: ./.github/actions/setup
	with:
	use_pinned_node: "true"
	- uses: actions/setup-node@v4
	with:
	# This creates an .npmrc that reads the NODE_AUTH_TOKEN environment variable
	registry-url: 'https://registry.npmjs.org'

	- name: npm publish
	run: pnpm release-plan publish

	env:
	GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

Provide feedback