name: Release
"on":
  push:
    branches:
      - master
      - next
      - beta
      - "*.x"
permissions:
  contents: read # for checkout
jobs:
  release:
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      id-token: write # to enable use of OIDC for npm provenance
    name: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
      - uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3
        with:
          cache: npm
          node-version: lts/*
      - run: npm clean-install
      - run: npm audit signatures
      # pinned version updated automatically by Renovate.
      # details at https://semantic-release.gitbook.io/semantic-release/usage/installation#global-installation
      - run: npx semantic-release@21.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_NPM_TOKEN }}