From 0b7428eef922cc83146a9396fbb0a9a87956c554 Mon Sep 17 00:00:00 2001
From: Strift <lau.cazanove@gmail.com>
Date: Thu, 11 Dec 2025 15:03:09 +0800
Subject: [PATCH 1/2] Update permissions

---
 .github/workflows/publish.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 57eac89a..be415615 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -4,12 +4,16 @@ on:
   push:
     branches:
       - main
-      - 'pre-release-beta/**'
-      - 'beta/**'
-      - 'prototype-beta/**'
+      - "pre-release-beta/**"
+      - "beta/**"
+      - "prototype-beta/**"
 env:
   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
+permissions:
+  id-token: write # Required for OIDC
+  contents: read
+
 jobs:
   publish-npm:
     name: Release
@@ -18,7 +22,7 @@ jobs:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v5
         with:
-          node-version: '18.x'
+          node-version: "18.x"
           registry-url: https://registry.npmjs.org/
       - name: Install dependencies
         run: yarn

From a43c11fac1f9168a324f5869c88745abd7bf07bb Mon Sep 17 00:00:00 2001
From: Strift <lau.cazanove@gmail.com>
Date: Sat, 13 Dec 2025 11:52:34 +0800
Subject: [PATCH 2/2] Refactor GitHub Actions workflow for package versioning
 and publishing

- Split the workflow into two jobs: 'version-packages' and 'publish-packages'.
- Updated Node.js version for the publish job to 24.x.
- Removed unnecessary environment variables and steps related to npm authentication.
- Adjusted the 'Create Release Pull Request' step to not publish automatically.
---
 .github/workflows/publish.yml | 36 ++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index be415615..eb470811 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,39 +7,41 @@ on:
       - "pre-release-beta/**"
       - "beta/**"
       - "prototype-beta/**"
-env:
-  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
 permissions:
   id-token: write # Required for OIDC
   contents: read
 
 jobs:
-  publish-npm:
-    name: Release
+  version-packages:
+    name: Version Packages
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
       - uses: actions/setup-node@v5
         with:
           node-version: "18.x"
-          registry-url: https://registry.npmjs.org/
       - name: Install dependencies
         run: yarn
-      - name: Create .npmrc file
-        run: |
-          cat << EOF > "$HOME/.npmrc"
-            //registry.npmjs.org/:_authToken=$NPM_TOKEN
-            always-auth = true
-          EOF
-        env:
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - name: Create Release Pull Request or Publish to npm
+      - name: Create Release Pull Request
         uses: changesets/action@v1
         with:
-          publish: yarn release
+          publish: false
           version: yarn version-packages
         env:
           GITHUB_TOKEN: ${{ secrets.MEILI_BOT_GH_PAT }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  publish-packages:
+    name: Publish Packages
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: actions/setup-node@v5
+        with:
+          node-version: "24.x"
+      - name: Install dependencies
+        run: yarn
+      - name: Build packages
+        run: yarn build
+      - name: Publish to npm
+        run: yarn release