Refactor workflows so that only one pushes to npm because OIDC is

currently limited to a single workflow file

Author: kategengler

.github/workflows/alpha-releases.yml

@@ -6,32 +6,21 @@ on:
   workflow_dispatch:
 
 jobs:
-  test:
-    name: Basic Test
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup
-      - name: build
-        run: pnpm vite build --mode=development
-      - name: test
-        run: pnpm test
+  tests:
+    uses: ./.github/workflows/ci-jobs.yml
 
   release:
     permissions:
-      contents: write # to push tag
-      id-token: write
+      contents: read # PAT used for push
 
-    name: Tag + Release
+    name: Tag + Push
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [ tests ]
     steps:
       - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup
         with:
-          node-version: '20'
-      - name: Update npm
-        run: npm install -g npm@latest # npm >= 11.5.1 is needed
+          persist-credentials: false
+      - uses: ./.github/actions/setup  
       - name: setup git
         run: |
           git config --local user.email '[email protected]'
@@ -44,33 +33,7 @@ jobs:
       - name: bump version
         run: npm version ${{env.NEXT_ALPHA}} --allow-same-version --no-git-tag-version
       - name: create tag
-        run: git tag v${{env.NEXT_ALPHA}}-ember-source
-      - name: build for publish
-        env:
-          BUILD_TYPE: alpha
-          OVERRIDE_FEATURES: ''
-        run: node bin/build-for-publishing.js
-      - name: publish to npm
-        run: npm publish
+        run: git tag v${{env.NEXT_ALPHA}}-ember-source    
       - name: push tag
-        # Push in a way that will NOT trigger other workflows
-        run: git push origin v${{env.NEXT_ALPHA}}-ember-source
-
-  notify:
-    name: Notify Discord
-    runs-on: ubuntu-latest
-    needs:
-      [
-        test,
-        release,
-      ]
-    if: failure()
-    steps:
-      - uses: sarisia/actions-status-discord@v1
-        with:
-          webhook: ${{ secrets.FRAMEWORK_WEBHOOK }}
-          status: 'Failure'
-          title: 'Ember.js Alpha Release'
-          color: 0xcc0000
-          url: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
-          username: GitHub Actions
+        # Push in a way that WILL trigger other workflows
+        run: git push https://${GITHUB_ACTOR}:${{ secrets.PERSONAL_TOKEN }}@github.com/${GITHUB_REPOSITORY} v${{env.NEXT_ALPHA}}-ember-source       

.github/workflows/ci.yml

@@ -19,12 +19,12 @@ permissions:
   contents: read
 
 jobs:
-  ci:
+  tests:
     uses: ./.github/workflows/ci-jobs.yml
   publish:
     name: Publish channel to s3
     runs-on: ubuntu-latest
-    needs: [ci]
+    needs: [ tests ]
     # Only run on pushes to branches that are not from the cron workflow
     if: github.event_name == 'push' && contains(github.ref, 'cron') != true
     steps:
@@ -42,7 +42,7 @@ jobs:
   publish-alpha:
     name: Publish alpha from default branch
     runs-on: ubuntu-latest
-    needs: [ ci ]
+    needs: [ tests ]
     # Only run on pushes to main
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     steps:
@@ -62,7 +62,7 @@ jobs:
   notify:
     name: Notify Discord
     runs-on: ubuntu-latest
-    needs: [ ci ]
+    needs: [ tests ]
     if: failure() && contains(github.ref, 'cron') == true
     steps:
       - uses: sarisia/actions-status-discord@v1

.github/workflows/publish-to-npm.yml

@@ -0,0 +1,63 @@
+name: Publish to npm
+
+on:
+  push:
+    tags:
+      - 'v*'
+        
+jobs:
+  tests:
+    uses: ./.github/workflows/ci-jobs.yml
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    needs: [ tests ]
+    permissions:
+      contents: read 
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup
+        with:
+          node-version: 20
+      - name: Update npm
+        run: npm install -g npm@latest # npm >= 11.5.1 is needed
+      - name: Build for Publish (Alpha)
+        if: contains(github.ref, 'alpha')
+        env:
+          BUILD_TYPE: alpha
+          OVERRIDE_FEATURES: ''
+        run: node bin/build-for-publishing.js
+      - name: Build for Publish
+        if: !contains(github.ref, 'alpha')      
+        run: node bin/build-for-publishing.js
+      - name: publish to npm
+        run: npm publish
+  notify-failure:
+    name: Notify Discord of Release Failure
+    runs-on: ubuntu-latest
+    needs: [release]
+    if: failure()
+    steps:
+      - uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.FRAMEWORK_WEBHOOK }}
+          status: 'Failure'
+          title: 'Failed to release ember-source ${{ github.ref_name }}'
+          color: 0xcc0000
+          url: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+          username: GitHub Actions
+  notify-success:
+    name: Notify Discord of Release Success
+    runs-on: ubuntu-latest
+    needs: [release]
+    if: success()
+    steps:
+      - uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.FRAMEWORK_WEBHOOK }}
+          status: 'Success'
+          title: 'Released ember-source ${{ github.ref_name }}'
+          color: 0x2ecc71        
+          url: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+          username: GitHub Actions