From b9e24bc73a7fa976e22816c9e617372000bb8ad7 Mon Sep 17 00:00:00 2001
From: Eric Luce <8564680558+eluce2@users.noreply.github.com>
Date: Thu, 19 Mar 2026 18:17:31 +0000
Subject: [PATCH 1/2] ci: enforce changesets on pull requests

---
 .github/workflows/changeset-enforcement.yml | 61 +++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 .github/workflows/changeset-enforcement.yml

diff --git a/.github/workflows/changeset-enforcement.yml b/.github/workflows/changeset-enforcement.yml
new file mode 100644
index 00000000..8ffaf7d9
--- /dev/null
+++ b/.github/workflows/changeset-enforcement.yml
@@ -0,0 +1,61 @@
+name: Changeset Enforcement
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+  contents: read
+
+jobs:
+  require-changeset:
+    name: Require changeset for package changes
+    if: github.event.pull_request.draft == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Ensure base ref is available
+        run: git fetch origin "${{ github.base_ref }}:${{ github.base_ref }}" --depth=1
+
+      - name: Detect whether this PR touches releasable code
+        id: scope
+        shell: bash
+        run: |
+          set -euo pipefail
+          CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...HEAD")
+
+          echo "Changed files:" 
+          echo "$CHANGED_FILES"
+
+          if echo "$CHANGED_FILES" | grep -Eq '^(apps/|packages/|fm-addon/|scripts/|package.json$|pnpm-lock.yaml$|pnpm-workspace.yaml$|turbo.json$|tsconfig\.json$|vitest\.config\.ts$|biome\.json$)'; then
+            echo "requires_changeset=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "requires_changeset=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Setup pnpm
+        if: steps.scope.outputs.requires_changeset == 'true'
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node.js
+        if: steps.scope.outputs.requires_changeset == 'true'
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        if: steps.scope.outputs.requires_changeset == 'true'
+        run: pnpm install --frozen-lockfile
+
+      - name: Validate changeset exists
+        if: steps.scope.outputs.requires_changeset == 'true'
+        run: pnpm changeset status --since="origin/${{ github.base_ref }}"
+
+      - name: Skip notice for non-release changes
+        if: steps.scope.outputs.requires_changeset != 'true'
+        run: echo "No releasable package/app changes detected; skipping changeset requirement."

From 35049348c8db0b50c398d6762527e9a3ed8c8691 Mon Sep 17 00:00:00 2001
From: Eric Luce <8564680558+eluce2@users.noreply.github.com>
Date: Mon, 23 Mar 2026 14:44:26 +0000
Subject: [PATCH 2/2] ci: reuse publish-any-commit checks for release PRs

---
 .github/workflows/continuous-release.yml      | 105 +-------------
 .../workflows/publish-any-commit-reusable.yml | 136 ++++++++++++++++++
 .github/workflows/release.yml                 |  13 ++
 3 files changed, 153 insertions(+), 101 deletions(-)
 create mode 100644 .github/workflows/publish-any-commit-reusable.yml

diff --git a/.github/workflows/continuous-release.yml b/.github/workflows/continuous-release.yml
index f807bae6..0e46e72b 100644
--- a/.github/workflows/continuous-release.yml
+++ b/.github/workflows/continuous-release.yml
@@ -1,107 +1,10 @@
 name: Publish Any Commit
+
 on:
   push:
   pull_request:
 
-env:
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
-
 jobs:
-  lint:
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Lint
-        run: pnpm lint
-
-  typecheck:
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Type Check
-        run: pnpm typecheck
-
-  test:
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Run Deterministic Contract Tests
-        run: pnpm test
-
-  build:
-
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Build
-        run: pnpm build
-
-  publish:
-
-    runs-on: ubuntu-latest
-    needs: [lint, typecheck, test, build]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - run: corepack enable
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: "pnpm"
-
-      - name: Install dependencies
-        run: pnpm install --frozen-lockfile
-
-      - name: Build
-        run: pnpm build
-
-      - run: pnpm dlx pkg-pr-new publish './packages/*' --packageManager=pnpm
+  publish-any-commit:
+    uses: ./.github/workflows/publish-any-commit-reusable.yml
+    secrets: inherit
diff --git a/.github/workflows/publish-any-commit-reusable.yml b/.github/workflows/publish-any-commit-reusable.yml
new file mode 100644
index 00000000..5a4ab649
--- /dev/null
+++ b/.github/workflows/publish-any-commit-reusable.yml
@@ -0,0 +1,136 @@
+name: Publish Any Commit Reusable
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        description: Git ref to checkout for validation and preview publishing
+        required: false
+        type: string
+
+env:
+  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
+  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Lint
+        run: pnpm lint
+
+      - name: Check skill versions
+        run: pnpm skill:check-versions
+
+  typecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Type Check
+        run: pnpm typecheck
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Run Deterministic Contract Tests
+        run: pnpm test
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: [lint, typecheck, test, build]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+
+      - name: Enable Corepack
+        run: corepack enable
+
+      - name: Setup Node.js 22.x
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+      - name: Publish preview packages
+        run: pnpm dlx pkg-pr-new publish './packages/*' --packageManager=pnpm
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a11ba02e..564f29ca 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,6 +17,7 @@ permissions:
   contents: write
   pull-requests: write
   id-token: write
+  actions: read
 
 jobs:
   lint:
@@ -168,6 +169,8 @@ jobs:
       - cli-smoke
       - fmodata-e2e
     runs-on: ubuntu-latest
+    outputs:
+      hasChangesets: ${{ steps.changesets.outputs.hasChangesets }}
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v6
@@ -193,3 +196,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ github.token }}
           NPM_CONFIG_PROVENANCE: true
+
+  publish-release-pr-preview:
+    name: Publish Any Commit for Release PR
+    needs:
+      - release
+    if: needs.release.outputs.hasChangesets == 'true'
+    uses: ./.github/workflows/publish-any-commit-reusable.yml
+    with:
+      ref: refs/heads/changeset-release/${{ github.ref_name }}
+    secrets: inherit