Ensure static paths are always selected over dynamic paths

.changeset/config.json

@@ -2,7 +2,7 @@
   "$schema": "https://unpkg.com/@changesets/config@3.0.0/schema.json",
   "changelog": false,
   "commit": false,
-  "fixed": [["@twofold/framework", "eslint-plugin-twofold"]],
+  "fixed": [["@redpointgames/framework", "@redpointgames/eslint-plugin-twofold"]],
   "linked": [],
   "access": "restricted",
   "baseBranch": "main",

.gitattributes

@@ -0,0 +1,2 @@
+# prevent Git from merging the lockfile in a way that makes it corrupt
+pnpm-lock.yaml binary

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/build.yml

@@ -6,6 +6,10 @@ on:
   pull_request:
     branches: ["main"]
 
+permissions:
+  id-token: write
+  packages: write
+
 jobs:
   build-and-publish:
     name: "Build and Publish"
@@ -16,6 +20,24 @@ jobs:
         with:
           ref: ${{ github.head_ref }}
           fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: "24"
+          registry-url: "https://registry.npmjs.org"
+      - name: Set package versions
+        run: |
+          # discover package files
+          export PACKAGE_JSON_FILES=$(find . -name package.json -not -path "*/node_modules/*")
+
+          # generate version
+          export PACKAGE_VERSION_SUFFIX="dev$(date +%Y%m%d%H%M%S)"
+
+          # set repository
+          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".repository |= \"https://github.com/$GITHUB_REPOSITORY\"" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
+
+          # update versions
+          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".version |= (match(\"^([0-9.]+)\").captures[0].string + \"-$PACKAGE_VERSION_SUFFIX\")" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
       - name: Install Dependencies
         run: |
           corepack enable
@@ -28,43 +50,19 @@ jobs:
             pnpm lint
             popd
           done
-      - name: Push to GitHub
+      - name: Push to NPM
         if: github.event_name != 'pull_request'
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          export PACKAGE_NAMESPACE=$GITHUB_REPOSITORY_OWNER
-
-          PACKAGE_JSON_FILES=$(find . -name package.json -not -path "*/node_modules/*")
-
-          # set repository
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".repository |= \"https://github.com/$GITHUB_REPOSITORY\"" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-
-          # rename package versions
-          export PACKAGE_VERSION_SUFFIX="dev.$(date +%Y.%m.%d.%H.%M.%S)+$(git rev-parse --short HEAD)"
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".version |= (match(\"^([0-9.]+)\").captures[0].string + \"-$PACKAGE_VERSION_SUFFIX\")" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-
-          # rename package names
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".name |= sub(\"@twofold\"; \"@$PACKAGE_NAMESPACE\")" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".name |= sub(\"create-twofold-app\"; \"@$PACKAGE_NAMESPACE/create-twofold-app\")" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".name |= sub(\"eslint-plugin-twofold\"; \"@$PACKAGE_NAMESPACE/eslint-plugin-twofold\")" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-
-          # rename package references
-          for PACKAGE_JSON in $PACKAGE_JSON_FILES; do jq ".dependencies = (.dependencies // {}) | (to_entries | map({key: (.key | sub(\"@twofold/\"; \"@$PACKAGE_NAMESPACE/\")), value: .value}) | from_entries)" $PACKAGE_JSON > $PACKAGE_JSON.tmp; mv $PACKAGE_JSON.tmp $PACKAGE_JSON; done
-
-          # compile and package again
-          #   PACKAGE_NAMESPACE is read by compile.js and rewrites imports
-          #   in built code once compiled
+          # compile
           pnpm compile
 
-          # publish packages
+          # publish
           for PACKAGE in packages/*; do
             pushd $PACKAGE
             cat >.npmrc <<EOF
-          //npm.pkg.github.com/:_authToken=${NODE_AUTH_TOKEN}
-          @${GITHUB_REPOSITORY_OWNER}:registry=https://npm.pkg.github.com/
+          @${PACKAGE_NAMESPACE}:registry=https://registry.npmjs.org/
           always-auth=true
           EOF
-            pnpm publish --no-git-checks
+            pnpm publish --no-git-checks --tag latest --access public
             popd
           done

Dockerfile

@@ -11,8 +11,8 @@ RUN npm install -g corepack@latest && \
 FROM base AS build
 COPY . /usr/src/twofold
 WORKDIR /usr/src/twofold
-RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter="@twofold/framework..." --prod=false --frozen-lockfile
-RUN pnpm run --filter="@twofold/framework..." compile
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter="@redpointgames/framework..." --prod=false --frozen-lockfile
+RUN pnpm run --filter="@redpointgames/framework..." compile
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --filter="website..." --prod=false --frozen-lockfile
 RUN pnpm run --filter=website build