ci: Fix NPM publish workflow (#297)

Author: zguesmi

.github/CODEOWNERS

@@ -0,0 +1,10 @@
+# Code owners are automatically requested to review when a pull request
+# is opened (ready for review).
+# See https://search.brave.com/search?q=About+code+owners+-+GitHub+Docs
+
+# A Ruleset is created in this GitHub repository to automatically request
+# Copilot's review when pull requests are created as drafts or when they
+# are ready for review.
+# See https://github.com/iExecBlockchainComputing/PoCo/settings/rules/9055086
+
+*   @zguesmi @gfournieriExec @Le-Caignec

.github/workflows/deploy.yml

@@ -15,12 +15,11 @@ on:
         default: 'hardhat'
 
 jobs:
-  # Build and test before deploying.
-  build-and-test:
+  pre-deploy:
     uses: ./.github/workflows/main.yml
 
   deploy:
-    needs: build-and-test
+    needs: pre-deploy
     runs-on: ubuntu-latest
     environment: ${{ inputs.network }} # Use the selected environment
     permissions:

.github/workflows/publish.yml

@@ -1,20 +1,37 @@
 # ⚠️ THIS WORKFLOW IS THE TRUSTED PUBLISHER CONFIGURED ON NPMJS.COM, DO NOT RENAME OR DELETE THIS FILE ⚠️
+
 name: Publish NPM Package
 
 on:
   push:
     tags:
       - 'v*'
 
-permissions:
-  id-token: write # Required for OIDC
-  packages: write
-  contents: read
-
 jobs:
-  build-and-test:
+  pre-publish:
     uses: ./.github/workflows/main.yml
 
+  determine-dist-tag:
+    needs: pre-publish
+    runs-on: ubuntu-latest
+    outputs:
+      TAG: ${{ steps.set-dist-tag.outputs.TAG }}
+    steps:
+      - name: Determine package dist tag
+        id: set-dist-tag
+        run: |
+          if [[ "${GITHUB_REF#refs/tags/}" == *"-rc"* ]]; then
+            echo "TAG=rc" >> $GITHUB_OUTPUT
+          else
+            echo "TAG=latest" >> $GITHUB_OUTPUT
+          fi
+
   publish:
-    needs: build-and-test
+    needs: determine-dist-tag
+    permissions:
+      id-token: write # Required for OIDC
+      packages: write
+      contents: read
     uses: iExecBlockchainComputing/github-actions-workflows/.github/workflows/[email protected]
+    with:
+      tag: ${{ needs.determine-dist-tag.outputs.TAG }}

.github/workflows/upgrade-facets.yml

@@ -21,12 +21,11 @@ on:
         default: true
 
 jobs:
-  # Build and test before upgrading.
-  build-and-test:
+  pre-upgrade:
     uses: ./.github/workflows/main.yml
 
   upgrade:
-    needs: build-and-test
+    needs: pre-upgrade
     runs-on: ubuntu-latest
     environment: ${{ inputs.network }} # Use the selected environment
     permissions:

docs/README.md

@@ -150,7 +150,7 @@ npm run verify:all -- --network <your network name> # e.g. arbitrum
 This script automatically reads all deployed contract addresses and their constructor arguments from the deployment artifacts and verifies them on the relevant block explorer.
 
 
-### Formatting
+### Format
 
 Format a specific file or files in a directory:
 ```
@@ -189,3 +189,19 @@ To render only storage diagrams:
 ```
 npm run storage-to-diagrams
 ```
+
+### Release
+
+- **Final releases** are automated using [Release Please](https://github.com/googleapis/release-please). Major, minor, and patch versions should be published through the corresponding GitHub Actions workflows.
+- **Prereleases** (`vX.Y.Z-rc.*`) should be created manually using:
+    ```
+    npm run prerelease
+    ```
+    This command will:
+    - Bump the RC version in `package.json` and `package-lock.json` files.
+    - Create a new commit with the version bump.
+    - Generate the corresponding Git tag.
+
+    Running this command ensures that the version in package.json matches the Git tag. This alignment is required for correct package publication and to automatically determine the appropriate npm dist tag (see [publish.yml](../.github/workflows/publish.yml)).
+
+    > Note: There is no need to create a full GitHub release for prerelease versions, a Git tag is sufficient.

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@iexec/poco",
-  "version": "6.1.0-contracts",
+  "version": "6.1.0-rc.5",
   "description": "iExec Proof of Contribution protocol smart contracts",
   "author": "iExec",
   "license": "Apache-2.0",
@@ -24,7 +24,8 @@
     "sol-to-uml": "npx zx scripts/tools/sol-to-uml.mjs",
     "puml-to-links": "npx zx scripts/tools/puml-to-links.mjs",
     "storage-to-diagrams": "bash scripts/tools/storage-to-diagrams.sh",
-    "doc": "npx hardhat docgen"
+    "doc": "npx hardhat docgen",
+    "prerelease": "npm version prerelease --preid=rc -m 'chore: v%s'"
   },
   "files": [
     "/abis",