From edbe0bb70971e54514ebea672e4ad9b51fc55bff Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Sat, 16 May 2026 16:41:24 +0100
Subject: [PATCH] ci: publish version from package.json (drop dirty-tree
 auto-bump)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous \`pnpm version patch\` step ran \`pnpm i\` first, which
under pnpm 11 dirties pnpm-workspace.yaml (the build-script approval
wizard re-emits its prompt every install). \`pnpm version\` then
aborts with \`ERR_PNPM_UNCLEAN_WORKING_TREE\` and the publish never
runs — that's how 4.0.3 failed to ship after PR #131 merged.

Switch to a simpler model: bump the version manually in the PR that
needs to ship, then publish whatever version is in package.json on
merge to main. Tag the commit only if no \`vX.Y.Z\` tag exists yet,
and use \`pnpm publish --no-git-checks\` so transient working-tree
state from pnpm itself doesn't block the publish.
---
 .github/workflows/npmpublish.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/npmpublish.yml b/.github/workflows/npmpublish.yml
index d228377..42a13c6 100644
--- a/.github/workflows/npmpublish.yml
+++ b/.github/workflows/npmpublish.yml
@@ -69,19 +69,20 @@ jobs:
           cache: pnpm
           registry-url: https://registry.npmjs.org/
       -
-        name: Bump version (patch)
+        name: Tag the version in package.json (if not already tagged)
         run: |
-          LATEST_TAG=$(git describe --tags --abbrev=0) || exit 1
-          NEW_COMMITS=$(git rev-list --count "${LATEST_TAG}"..) || exit 1
-          [ "${NEW_COMMITS}" -gt 0 ] || exit 0
+          PKG_VER=$(node -p "require('./package.json').version")
+          if git rev-parse -q --verify "refs/tags/v${PKG_VER}" >/dev/null; then
+            echo "v${PKG_VER} already tagged; nothing to do."
+            exit 0
+          fi
           git config user.name 'github-actions[bot]'
           git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
-          pnpm i
-          pnpm version patch
-          git push --follow-tags
+          git tag "v${PKG_VER}"
+          git push origin "v${PKG_VER}"
       -
-        run: pnpm i
+        run: pnpm i --frozen-lockfile
       -
-        run: pnpm publish
+        run: pnpm publish --no-git-checks
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}