From eccdbc3f14b786eba3b0309c920d1b47535ca8b8 Mon Sep 17 00:00:00 2001
From: Peter Savchenko <specc.dev@gmail.com>
Date: Sun, 8 Feb 2026 15:07:22 +0300
Subject: [PATCH 1/2] Extract publish job into reusable workflow

Move the inline publish job from .github/workflows/main.yml into a reusable workflow .github/workflows/publish.yml and replace the original steps with a workflow_call reference. The new publish workflow detects changed packages (packages/utils and packages/github) with dorny/paths-filter, installs/builds only once, and conditionally publishes and notifies only the packages that changed. Also updates actions versions (checkout/setup-node) and exposes published package versions for notification.
---
 .github/workflows/main.yml    | 40 +-----------------
 .github/workflows/publish.yml | 80 +++++++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+), 39 deletions(-)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a780365..33f8e4b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -33,42 +33,4 @@ jobs:
   publish:
     needs: check-lint-test-build
     if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: .nvmrc
-          registry-url: 'https://registry.npmjs.org'
-          scope: '@hawk.so'
-
-      - name: Enable Corepack and install dependencies
-        run: |
-          corepack enable
-          corepack prepare yarn@4.5.1 --activate
-          yarn install
-
-      - name: Build
-        run: yarn build
-
-      - name: Publish
-        run: |
-          yarn workspace @hawk.so/utils exec npm publish --access public
-          yarn workspace @hawk.so/github-sdk exec npm publish --access public
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-
-      - name: Get package info
-        id: package
-        uses: codex-team/action-nodejs-package-info@v1
-
-      - name: Send a message
-        uses: codex-team/action-codexbot-notify@v1
-        with:
-          webhook: ${{ secrets.CODEX_BOT_WEBHOOK_HAWK }}
-          message: '📦 [${{ steps.package.outputs.name }}](${{ steps.package.outputs.npmjs-link }}) ${{ steps.package.outputs.version }} was published'
-          parse_mode: 'markdown'
-          disable_web_page_preview: true
+    uses: ./.github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..99319e6
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,80 @@
+name: Publish
+
+on:
+  workflow_call:
+
+jobs:
+  publish:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Detect changed packages
+        id: changes
+        uses: dorny/paths-filter@v3
+        with:
+          base: ${{ github.event.before || 'HEAD^' }}
+          filters: |
+            utils:
+              - 'packages/utils/**'
+            github:
+              - 'packages/github/**'
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: .nvmrc
+          registry-url: 'https://registry.npmjs.org'
+          scope: '@hawk.so'
+
+      - name: Enable Corepack and install dependencies
+        run: |
+          corepack enable
+          corepack prepare yarn@4.5.1 --activate
+          yarn install
+
+      - name: Build
+        run: yarn build
+
+      - name: Publish
+        run: |
+          if [ "${{ steps.changes.outputs.utils }}" == "true" ]; then
+            yarn workspace @hawk.so/utils exec npm publish --access public
+          fi
+          if [ "${{ steps.changes.outputs.github }}" == "true" ]; then
+            yarn workspace @hawk.so/github-sdk exec npm publish --access public
+          fi
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Get published package versions
+        if: steps.changes.outputs.utils == 'true' || steps.changes.outputs.github == 'true'
+        id: versions
+        run: |
+          if [ "${{ steps.changes.outputs.utils }}" == "true" ]; then
+            echo "utils_version=$(node -p "require('./packages/utils/package.json').version")" >> $GITHUB_OUTPUT
+          fi
+          if [ "${{ steps.changes.outputs.github }}" == "true" ]; then
+            echo "github_version=$(node -p "require('./packages/github/package.json').version")" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Notify @hawk.so/utils published
+        if: steps.changes.outputs.utils == 'true'
+        uses: codex-team/action-codexbot-notify@v1
+        with:
+          webhook: ${{ secrets.CODEX_BOT_WEBHOOK_HAWK }}
+          message: '📦 [@hawk.so/utils](https://www.npmjs.com/package/@hawk.so/utils) ${{ steps.versions.outputs.utils_version }} was published'
+          parse_mode: 'markdown'
+          disable_web_page_preview: true
+
+      - name: Notify @hawk.so/github-sdk published
+        if: steps.changes.outputs.github == 'true'
+        uses: codex-team/action-codexbot-notify@v1
+        with:
+          webhook: ${{ secrets.CODEX_BOT_WEBHOOK_HAWK }}
+          message: '📦 [@hawk.so/github-sdk](https://www.npmjs.com/package/@hawk.so/github-sdk) ${{ steps.versions.outputs.github_version }} was published'
+          parse_mode: 'markdown'
+          disable_web_page_preview: true

From bda0630e0660dade18e7cc8cbfa1afc3ef8cc6ba Mon Sep 17 00:00:00 2001
From: Peter Savchenko <specc.dev@gmail.com>
Date: Sun, 8 Feb 2026 15:11:47 +0300
Subject: [PATCH 2/2] Move publish to workflow_run after CI success

Remove the inline publish job from the main CI workflow and convert the publish workflow into a separate workflow_run that triggers when the CI workflow completes on the main branch. Add a guard to run only on successful CI runs, use the workflow_run head_sha for checkout, and simplify the paths-filter base to HEAD^. These changes decouple publishing from the main CI job and ensure the publish workflow runs against the exact commit that finished the CI.
---
 .github/workflows/main.yml    | 5 -----
 .github/workflows/publish.yml | 9 +++++++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 33f8e4b..d393490 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -29,8 +29,3 @@ jobs:
 
       - name: Build
         run: yarn build
-
-  publish:
-    needs: check-lint-test-build
-    if: github.ref == 'refs/heads/main'
-    uses: ./.github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 99319e6..718062a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,22 +1,27 @@
 name: Publish
 
 on:
-  workflow_call:
+  workflow_run:
+    workflows: [CI]
+    types: [completed]
+    branches: [main]
 
 jobs:
   publish:
+    if: github.event.workflow_run.conclusion == 'success'
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6
         with:
+          ref: ${{ github.event.workflow_run.head_sha }}
           fetch-depth: 0
 
       - name: Detect changed packages
         id: changes
         uses: dorny/paths-filter@v3
         with:
-          base: ${{ github.event.before || 'HEAD^' }}
+          base: HEAD^
           filters: |
             utils:
               - 'packages/utils/**'