chore: update release files

Author: agviegas

.github/workflows/publish-npm.yml

@@ -1,48 +1,50 @@
-name: Publish packages to npmjs (OIDC)
+# .github/workflows/publish-npm.yml
+name: Publish package to npmjs (OIDC)
 
 on:
   workflow_call:
     inputs:
-      publish_core:
-        required: true
-        type: boolean
-      publish_front:
-        required: true
-        type: boolean
+      package_dir:
+        description: "Path to the package to publish"
+        required: false
+        type: string
+        default: "packages/core"
 
 jobs:
   publish:
     runs-on: ubuntu-latest
+
+    # Required for npm Trusted Publishing (OIDC)
     permissions:
       contents: read
       id-token: write
 
     steps:
       - uses: actions/checkout@v4
 
+      # Use a modern Node that can run npm 11+, and/or install npm 11.5.1+ explicitly
       - uses: actions/setup-node@v4
         with:
           node-version: "24"
           registry-url: "https://registry.npmjs.org"
 
-      - name: Ensure npm supports Trusted Publishing
+      # Ensure the npm version meets the Trusted Publishing requirement
+      - name: Ensure npm >= 11.5.1
         run: |
-          npm --version
-          # Trusted publishing requires npm CLI 11.5.1+ :contentReference[oaicite:4]{index=4}
           npm i -g npm@^11.5.1
           npm --version
 
-      - name: Install dependencies (root)
+      # If you use Yarn (you do), keep it for install/build
+      - name: Install deps
         run: |
           corepack enable
           yarn install --immutable
 
-      - name: Publish core
-        if: ${{ inputs.publish_core }}
-        working-directory: packages/core
+      # Publish via npm CLI (OIDC happens automatically; no NODE_AUTH_TOKEN)
+      - name: Publish Core
         run: npm publish --access public
+        working-directory: packages/core
 
-      - name: Publish front
-        if: ${{ inputs.publish_front }}
-        working-directory: packages/front
+      - name: Publish Front
         run: npm publish --access public
+        working-directory: packages/front

.github/workflows/release-please.yml

@@ -1,44 +1,36 @@
+# .github/workflows/release-please.yml
+# This workflow handles the release-please system that manages releasing new versions.
+# It also calls `publish-npm.yml`, which then handles publishing to npmjs.
+# See: https://github.com/googleapis/release-please
 name: release-please
-
 on:
   push:
-    branches: [main]
+    branches:
+      - main
 
-permissions:
-  contents: write
-  pull-requests: write
+# Default to least privilege; grant per-job below
+permissions: {}
 
 jobs:
-  release:
+  release-please:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     outputs:
-      core_release_created: ${{ steps.rp_core.outputs['packages/core--release_created'] }}
-      front_release_created: ${{ steps.rp_front.outputs['packages/front--release_created'] }}
-
+      release_created: ${{ steps.release.outputs.release_created }}
     steps:
-      - name: Release Please (core)
-        uses: googleapis/release-please-action@v4
-        id: rp_core
-        with:
-          release-type: node
-          path: packages/core
-          include-component-in-tag: true
-
-      - name: Release Please (front)
-        uses: googleapis/release-please-action@v4
-        id: rp_front
+      - uses: google-github-actions/release-please-action@v3
+        id: release
         with:
           release-type: node
-          path: packages/front
-          include-component-in-tag: true
+          package-name: "@thatopen/components"
 
-  publish:
-    needs: release
-    if: ${{ needs.release.outputs.core_release_created == 'true' || needs.release.outputs.front_release_created == 'true' }}
+  publish-npm:
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
     permissions:
       contents: read
       id-token: write
     uses: ./.github/workflows/publish-npm.yml
-    with:
-      publish_core: ${{ needs.release.outputs.core_release_created == 'true' }}
-      publish_front: ${{ needs.release.outputs.front_release_created == 'true' }}
+    # no secrets needed for OIDC