fix(ci): merge release + Docker build into one job

.github/workflows/publish.yml

@@ -4,8 +4,6 @@ on:
   push:
     branches: ['main']
   pull_request:
-  release:
-    types: [published]
 
 env:
   REGISTRY: ghcr.io
@@ -39,12 +37,14 @@ jobs:
       - name: Type-check
         run: bun run build
 
-  release:
+  release-and-publish:
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     needs: verify
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      packages: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -57,50 +57,40 @@ jobs:
           VERSION=$(jq -r .version package.json)
           echo "version=$VERSION" >> $GITHUB_OUTPUT
           if git ls-remote --tags origin | grep -q "refs/tags/v${VERSION}$"; then
-            echo "exists=true" >> $GITHUB_OUTPUT
+            echo "new=false" >> $GITHUB_OUTPUT
           else
-            echo "exists=false" >> $GITHUB_OUTPUT
+            echo "new=true" >> $GITHUB_OUTPUT
           fi
 
-      - name: Create release
-        if: steps.check.outputs.exists == 'false'
+      - name: Create GitHub release
+        if: steps.check.outputs.new == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh release create "v${{ steps.check.outputs.version }}" \
             --title "v${{ steps.check.outputs.version }}" \
             --generate-notes
 
-  build-and-push-image:
-    if: github.event_name == 'release'
-    needs: verify
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
       - name: Log in to GitHub Container Registry
+        if: steps.check.outputs.new == 'true'
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract metadata (tags, labels) for Docker
+        if: steps.check.outputs.new == 'true'
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
       - name: Build and push Docker image
+        if: steps.check.outputs.new == 'true'
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-

tests/workflow-behaviour.test.ts

@@ -15,10 +15,6 @@ test("publish workflow verifies the package across the supported OS and Bun matr
   );
   assert.match(workflow, /bun-version:/, "workflow should verify with Bun");
   assert.match(workflow, /needs:\s*verify/, "publish job should wait for the verification matrix");
-  assert.match(
-    workflow,
-    /if:\s*github\.event_name\s*==\s*'release'/,
-    "publish job should only run on release events",
-  );
   assert.match(workflow, /gh release create/, "workflow should auto-create a release on version bump");
+  assert.match(workflow, /docker\/build-push-action/, "workflow should build and push Docker image");
 });