Publish #122

	### This workflow has access to secrets and a read-write token
	name: Publish
	on:
	workflow_run:
	branches: [master]
	types: [completed]
	workflows: [CI]

	jobs:
	# Why do we need to build here as well as in the main CI pipeline? Because the actions/download-artifact action
	# doesn't allow you to download artifacts from other workflows, despite GitHub pushing that as the recommended
	# work-around for Dependabot permissions. See: https://github.com/actions/download-artifact/issues/60
	build:
	runs-on: ubuntu-latest
	name: Build
	if: ${{ github.event.workflow_run.conclusion == 'success' }}

	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-node@v4
	with:
	node-version: 22.13.1
	cache: yarn
	- run: yarn install
	- run: yarn build
	- uses: actions/upload-artifact@v4
	with:
	name: build
	path: lib

	publish:
	runs-on: ubuntu-latest
	name: Publish
	needs: build
	if: ${{ github.event.workflow_run.conclusion == 'success' }}

	steps:
	- uses: actions/checkout@v2
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v1
	- uses: actions/setup-node@v4
	with:
	node-version: 22.13.1
	cache: yarn
	- run: yarn install
	- uses: actions/download-artifact@v4
	with:
	name: build
	path: lib
	- name: Login to Docker Hub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- run: yarn semantic-release
	env:
	GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
	NPM_TOKEN: ${{secrets.NPM_TOKEN}}

Provide feedback