From a7ee99cd437f500a3360b288578faefcb9dbab3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Kuty=C5=82a?= <daniel.kutyla@example.com>
Date: Thu, 18 Jun 2026 13:55:15 +0200
Subject: [PATCH] revert: restore original publish CI, drop release-PR script

Reverts the release-branch + PR auto-merge changes to .github/workflows/
publish.yml (back to direct git push origin main) and removes the now-unused
.github/scripts/open-release-pr.mjs.

Note: this reinstates the original 'git push origin main', which requires
main's branch protection to allow the Actions actor to bypass the PR
requirement (a repo ruleset setting, not a workflow change).
---
 .github/scripts/open-release-pr.mjs | 90 -----------------------------
 .github/workflows/publish.yml       | 14 +----
 2 files changed, 2 insertions(+), 102 deletions(-)
 delete mode 100644 .github/scripts/open-release-pr.mjs

diff --git a/.github/scripts/open-release-pr.mjs b/.github/scripts/open-release-pr.mjs
deleted file mode 100644
index 1527653..0000000
--- a/.github/scripts/open-release-pr.mjs
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/usr/bin/env node
-// Open a release PR to main and enable auto-merge — without the gh CLI, which is not
-// installed on the self-hosted runner. Uses the REST API to create the PR and the GraphQL
-// API to enable auto-merge. Relies only on Node's global fetch (Node >= 22).
-//
-// Required env: GH_TOKEN, GITHUB_REPOSITORY (owner/repo), VERSION, RELEASE_BRANCH.
-
-const token = process.env.GH_TOKEN;
-const repo = process.env.GITHUB_REPOSITORY;
-const version = process.env.VERSION;
-const branch = process.env.RELEASE_BRANCH;
-
-for (const [k, v] of Object.entries({ GH_TOKEN: token, GITHUB_REPOSITORY: repo, VERSION: version, RELEASE_BRANCH: branch })) {
-  if (!v) {
-    console.error(`::error::Missing required env ${k}`);
-    process.exit(1);
-  }
-}
-
-const [owner, name] = repo.split('/');
-
-async function rest(path, init = {}) {
-  const res = await fetch(`https://api.github.com${path}`, {
-    ...init,
-    headers: {
-      Authorization: `Bearer ${token}`,
-      Accept: 'application/vnd.github+json',
-      'X-GitHub-Api-Version': '2022-11-28',
-      'Content-Type': 'application/json',
-      ...(init.headers ?? {}),
-    },
-  });
-  const body = await res.json().catch(() => ({}));
-  return { status: res.status, body };
-}
-
-async function graphql(query, variables) {
-  const res = await fetch('https://api.github.com/graphql', {
-    method: 'POST',
-    headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-    body: JSON.stringify({ query, variables }),
-  });
-  return res.json();
-}
-
-const prBody =
-  `Automated version bump for v${version}. Tag \`v${version}\` and the npm publish already ` +
-  `completed; merging this lands the bumped package.json on main.`;
-
-// Create the PR — or reuse an existing one for this branch (idempotent on re-run).
-let { status, body } = await rest(`/repos/${owner}/${name}/pulls`, {
-  method: 'POST',
-  body: JSON.stringify({ title: `release: v${version}`, head: branch, base: 'main', body: prBody }),
-});
-
-let pr;
-if (status === 201) {
-  pr = body;
-} else {
-  // 422 typically means a PR already exists for this head — find and reuse it.
-  const existing = await rest(`/repos/${owner}/${name}/pulls?head=${owner}:${branch}&state=open`);
-  if (existing.status === 200 && Array.isArray(existing.body) && existing.body.length > 0) {
-    pr = existing.body[0];
-    console.log(`Reusing existing PR #${pr.number}`);
-  } else {
-    console.error(`::error::Failed to create PR (HTTP ${status}): ${JSON.stringify(body)}`);
-    process.exit(1);
-  }
-}
-
-console.log(`PR #${pr.number}: ${pr.html_url}`);
-
-// Enable auto-merge (squash) so it lands once required checks/approvals pass.
-const result = await graphql(
-  `mutation($id: ID!) {
-     enablePullRequestAutoMerge(input: { pullRequestId: $id, mergeMethod: SQUASH }) {
-       pullRequest { number }
-     }
-   }`,
-  { id: pr.node_id },
-);
-
-if (result.errors?.length) {
-  console.log(
-    `::warning::Could not enable auto-merge for PR #${pr.number}: ${result.errors.map((e) => e.message).join('; ')}. ` +
-    `Ensure "Allow auto-merge" is enabled in repo settings. The PR is open for manual merge.`,
-  );
-} else {
-  console.log(`Auto-merge (squash) enabled for PR #${pr.number}.`);
-}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index e6cb5de..6dcb97c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -20,7 +20,6 @@ concurrency:
 
 permissions:
   contents: write
-  pull-requests: write
 
 jobs:
   publish:
@@ -53,10 +52,6 @@ jobs:
           git config user.email "github-actions[bot]@users.noreply.github.com"
           npm version ${{ inputs.version }} --no-git-tag-version
           VERSION=$(node -p "require('./package.json').version")
-          echo "VERSION=${VERSION}" >> "$GITHUB_ENV"
-          echo "RELEASE_BRANCH=release/v${VERSION}" >> "$GITHUB_ENV"
-          # main is protected (requires a PR), so commit to a release branch and merge via PR.
-          git switch -c "release/v${VERSION}"
           git add package.json
           git commit -m "release: v${VERSION}"
           git tag "v${VERSION}"
@@ -71,13 +66,8 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
-      - name: Push release branch and tag, open auto-merge PR
+      - name: Push version commit and tag
         if: ${{ inputs.dry-run != true }}
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          git push origin "${RELEASE_BRANCH}"
+          git push origin main
           git push origin --tags
-          # gh CLI is not installed on the self-hosted runner — open the PR + enable
-          # auto-merge via the GitHub API (Node global fetch) instead.
-          node .github/scripts/open-release-pr.mjs