name: Update Immich SDK

on:
  release:
    types: [published]

permissions: {}

jobs:
  publish:
    name: Publish `@immich/sdk`
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      - id: token
        uses: immich-app/devtools/actions/create-workflow-token@caa599d954228439ea3e8ce1c3328f41ab120ee6 # create-workflow-token-action-v2.0.0
        with:
          client-id: ${{ secrets.PUSH_O_MATIC_APP_CLIENT_ID }}
          private-key: ${{ secrets.PUSH_O_MATIC_APP_KEY }}

      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
          token: ${{ steps.token.outputs.token }}

      - name: Setup Mise
        uses: immich-app/devtools/actions/use-mise@01a4d354b70f99a6baf4a1b72827f6d4922e4978 # use-mise-action-v2.0.0
        with:
          github_token: ${{ steps.token.outputs.token }}

      - name: Install deps
        run: pnpm --filter @immich/sdk install --frozen-lockfile

      - name: Build
        run: pnpm --filter @immich/sdk build

      - name: Publish
        run: pnpm --filter @immich/sdk publish --provenance --no-git-checks