From 3ac69b8af9c9142a444e423cb1f7e02189f5224f Mon Sep 17 00:00:00 2001
From: Tom Meagher
Date: Wed, 28 Feb 2024 11:44:30 -0500
Subject: [PATCH] ci: up perms
---
.github/workflows/canary.yml | 44 ---------------------------
.github/workflows/on-push-to-main.yml | 24 ++++++++++++++-
2 files changed, 23 insertions(+), 45 deletions(-)
delete mode 100644 .github/workflows/canary.yml
diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml
deleted file mode 100644
index ef95d440..00000000
--- a/.github/workflows/canary.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Release (Canary)
-on:
- push:
- branches: [main]
- workflow_dispatch:
-
-jobs:
- canary:
- name: Release canary
- runs-on: ubuntu-latest
- timeout-minutes: 5
-
- steps:
- - name: Clone repository
- uses: actions/checkout@v4
-
- - name: Install dependencies
- uses: ./.github/actions/install-dependencies
-
- - name: Setup .npmrc file
- uses: actions/setup-node@v4
- with:
- node-version: 'latest'
- registry-url: 'https://registry.npmjs.org'
-
- - name: Set version
- run: |
- jq --arg prop "workspaces" 'del(.[$prop])' package.json > package.tmp.json && rm package.json && cp package.tmp.json package.json && rm package.tmp.json
- cd src
- npm --no-git-tag-version version $(npm pkg get version | sed 's/"//g')-$(git branch --show-current | tr -cs '[:alnum:]-' '-' | tr '[:upper:]' '[:lower:]' | sed 's/-$//').$(date +'%Y%m%dT%H%M%S')
- cd ../create-frog
- npm --no-git-tag-version version $(npm pkg get version | sed 's/"//g')-$(git branch --show-current | tr -cs '[:alnum:]-' '-' | tr '[:upper:]' '[:lower:]' | sed 's/-$//').$(date +'%Y%m%dT%H%M%S')
-
- - name: Build
- run: pnpm build
-
- - name: Publish to npm
- run: |
- cd src
- npm publish --tag $(git branch --show-current | tr -cs '[:alnum:]-' '-' | tr '[:upper:]' '[:lower:]' | sed 's/-$//')
- cd ../create-frog
- npm publish --tag $(git branch --show-current | tr -cs '[:alnum:]-' '-' | tr '[:upper:]' '[:lower:]' | sed 's/-$//')
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/on-push-to-main.yml b/.github/workflows/on-push-to-main.yml
index 191568cb..af7f133e 100644
--- a/.github/workflows/on-push-to-main.yml
+++ b/.github/workflows/on-push-to-main.yml
@@ -16,6 +16,14 @@ jobs:
 changesets:
 name: Changesets
 needs: verify
+ permissions:
+ contents: write
+ id-token: write
+ issues: write
+ repository-projects: write
+ deployments: write
+ packages: write
+ pull-requests: write
 runs-on: ubuntu-latest
 timeout-minutes: 5
 
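Review bot: The `permissions:` block added to the `changesets` job grants write on seven scopes, while the steps visible in this patch only version, open a release PR and publish to npm, which would need `contents: write` and `pull-requests: write` at most. `issues`, `repository-projects`, `deployments` and `packages` have no visible consumer, and `id-token: write` is only needed if npm provenance or another OIDC exchange is used, which the patch does not show. Because this token is exported as `GITHUB_TOKEN` to steps that run `pnpm` scripts, I would trim the block to the scopes actually exercised and add a one-line comment per scope naming the step that needs it. The job's step list continues outside this hunk, so confirm against the full file before removing anything.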
@@ -38,4 +46,18 @@ jobs:
 version: pnpm changeset:version
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ - name: Publish Prerelease
+ if: steps.changesets.outputs.published != 'true'
+ continue-on-error: true
+ env:
+ NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ npm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN"
+ git reset --hard origin/main
+ pnpm clean
+ pnpm changeset version --no-git-tag --snapshot canary
+ pnpm changeset:prepublish
+ pnpm changeset publish --no-git-tag --snapshot canary --tag canary
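Review bot: The new `Publish Prerelease` step exposes `NPM_TOKEN` and `GITHUB_TOKEN` in its environment, and writes the npm token into the npm config, before `pnpm clean`, `pnpm changeset version` and `pnpm changeset:prepublish` run, so every package script and build-time dependency those commands execute can read a publish-capable credential. Split the step so that versioning and build run without the npm token and only the final `pnpm changeset publish` receives it; whether the versioning step needs `GITHUB_TOKEN` depends on the changelog generator, which is not visible here. `continue-on-error: true` also lets a failed or partial canary publish pass as green, so I would drop it or report the step outcome explicitly. The `changesets` step id used in the `if:` condition is defined outside this hunk.

```yaml
      # … unchanged: Changesets release step (id: changesets) …

      - name: Build prerelease
        if: steps.changesets.outputs.published != 'true'
        # add GITHUB_TOKEN here only if the changelog generator requires it
        run: |
          git reset --hard origin/main
          pnpm clean
          pnpm changeset version --no-git-tag --snapshot canary
          pnpm changeset:prepublish

      - name: Publish Prerelease
        if: steps.changesets.outputs.published != 'true'
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          npm config set "//registry.npmjs.org/:_authToken" "$NPM_TOKEN"
          pnpm changeset publish --no-git-tag --snapshot canary --tag canary
```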