name: Build and Publish to PyPI

on:
  workflow_dispatch:
  release:
    types: [published]

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write  # Required for trusted publishing to PyPI
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Build frontend
        run: |
          cd web
          npm install -g pnpm
          pnpm install
          pnpm build
          mkdir -p ../src/langbot/web/dist
          cp -r dist ../src/langbot/web/

      - name: Install the latest version of uv
        uses: astral-sh/setup-uv@v6
        with:
          version: "latest"

      - name: Build package
        run: |
          uv build

      - name: Publish to PyPI
        run: |
          uv publish --token ${{ secrets.PYPI_TOKEN }}