CICD

.github/workflows/publish.yml

@@ -1,11 +1,3 @@
-# Unified workflow for publishing pgconsole to Docker Hub and npm
-#
-# Docker: Always publishes 'latest' tag. Adds version tag when package.json version changes.
-# npm: Only publishes when version changes (or manual trigger). Uses OIDC trusted publishing.
-#
-# Prerequisites for npm OIDC: Configure trusted publisher at https://www.npmjs.com/package/@pgplex/pgconsole/access
-#   - Workflow filename: publish.yml
-
 name: Publish
 
 on:
@@ -14,10 +6,6 @@ on:
       version:
         description: "Version tag (e.g. 1.2.0). If empty, auto-detected from package.json."
         required: false
-      npm_tag:
-        description: "NPM tag (e.g., latest, beta). Only used for npm publish."
-        required: false
-        default: "latest"
   push:
     branches: [main]
     paths-ignore:
@@ -26,7 +14,8 @@ on:
       - "worker/**"
 
 env:
-  IMAGE_NAME: pgplex/pgconsole
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   check-version:
@@ -60,28 +49,35 @@ jobs:
   docker:
     needs: check-version
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - uses: actions/checkout@v4
 
       - uses: docker/setup-buildx-action@v3
 
-      - uses: docker/login-action@v3
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Prepare tags
         id: prep
         run: |
-          TAGS="${{ env.IMAGE_NAME }}:latest"
+          IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+          IMAGE=$(echo "$IMAGE" | tr '[:upper:]' '[:lower:]')
+          TAGS="${IMAGE}:latest"
 
           if [[ -n "${{ inputs.version }}" ]]; then
             VERSION="${{ inputs.version }}"
-            TAGS="$TAGS,${{ env.IMAGE_NAME }}:$VERSION"
+            TAGS="$TAGS,${IMAGE}:$VERSION"
             echo "Publishing with tags: latest, $VERSION (manual)"
           elif [[ "${{ needs.check-version.outputs.version_changed }}" == "true" ]]; then
             VERSION="${{ needs.check-version.outputs.version }}"
-            TAGS="$TAGS,${{ env.IMAGE_NAME }}:$VERSION"
+            TAGS="$TAGS,${IMAGE}:$VERSION"
             echo "Publishing with tags: latest, $VERSION"
           else
             echo "Publishing with tag: latest only"
@@ -101,67 +97,3 @@ jobs:
             VERSION=${{ inputs.version || needs.check-version.outputs.version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
-  npm:
-    needs: check-version
-    if: inputs.version || needs.check-version.outputs.version_changed == 'true'
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      id-token: write
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: pnpm/action-setup@v4
-        with:
-          version: 10
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-          cache: "pnpm"
-
-      # Upgrade npm for OIDC trusted publishing (requires npm 11.5+)
-      # Bootstrap without npm since Node 22.22.2 ships with broken npm
-      - name: Upgrade npm
-        run: |
-          npm_tarball=$(curl -fsSL https://registry.npmjs.org/npm/latest | node -p "JSON.parse(require('fs').readFileSync(0,'utf8')).dist.tarball")
-          curl -fsSL "$npm_tarball" | tar xz -C /tmp
-          node /tmp/package/bin/npm-cli.js install -g npm@latest
-          rm -rf /tmp/package
-          echo "npm version: $(npm --version)"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Build
-        run: pnpm build
-
-      - name: Prepare and publish
-        run: |
-          VERSION="${{ inputs.version || needs.check-version.outputs.version }}"
-
-          # Check if already published
-          if npm view @pgplex/pgconsole@${VERSION} version &> /dev/null; then
-            echo "Version ${VERSION} already exists on npm. Skipping."
-            exit 0
-          fi
-
-          # Determine npm tag
-          if [[ -n "${{ inputs.npm_tag }}" && "${{ inputs.npm_tag }}" != "latest" ]]; then
-            TAG="${{ inputs.npm_tag }}"
-          elif [[ "${VERSION}" == *"-"* ]]; then
-            TAG=$(echo "${VERSION}" | cut -d'-' -f2 | cut -d'.' -f1)
-          else
-            TAG="latest"
-          fi
-
-          echo "Publishing @pgplex/pgconsole@${VERSION} with tag ${TAG}"
-
-          # Prepare package.json for npm
-          jq --arg v "$VERSION" \
-            '.name = "@pgplex/pgconsole" | .version = $v | del(.private) | .files = ["dist/**/*", "LICENSE", "README.md"] | .bin = {"pgconsole": "dist/server.mjs"}' \
-            package.json > package.json.tmp
-          mv package.json.tmp package.json
-
-          npm publish --access public --tag "$TAG" --provenance