coder
diff --git a/‎.github/workflows/ci.yaml
+27 b/‎.github/workflows/ci.yaml
+27
diff --git a/‎.github/workflows/npm-beta.yaml
-29 b/‎.github/workflows/npm-beta.yaml
-29
diff --git a/‎.github/workflows/npm-brew.yaml
+7-2 b/‎.github/workflows/npm-brew.yaml
+7-2
diff --git a/‎.github/workflows/npm-dev.yaml
-30 b/‎.github/workflows/npm-dev.yaml
-30
diff --git a/‎ci/steps/publish-npm.sh
+61-27 b/‎ci/steps/publish-npm.sh
+61-27
@@ -177,6 +177,33 @@ jobs:
           name: npm-package
           path: ./package.tar.gz
 
+  npm:
+    # the npm-package gets uploaded as an artifact in Build
+    # so we need that to complete before this runs
+    needs: build
+    # This environment "npm" requires someone from
+    # coder/code-server-reviewers to approve the PR before this job runs.
+    environment: npm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/download-artifact@v2
+        id: download
+        with:
+          name: "npm-package"
+          path: release-npm-package
+
+      - name: Run ./ci/steps/publish-npm.sh
+        run: yarn publish:npm
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          # NOTE@jsjoeio
+          # NPM_ENVIRONMENT intentionally not set here.
+          # Instead, itis determined in publish-npm.sh script
+          # using GITHUB environment variables
+
   # TODO: cache building yarn --production
   # possibly 2m30s of savings(?)
   # this requires refactoring our release scripts
 
@@ -16,13 +16,18 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
+      - uses: actions/download-artifact@v2
+        id: download
+        with:
+          name: "npm-package"
+          path: release-npm-package
+
       - name: Publish npm package and tag with "latest"
         run: yarn publish:npm
         env:
-          ENVIRONMENT: "production"
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-          NPM_TAG: "latest"
+          NPM_ENVIRONMENT: "production"
 
   homebrew:
     # The newest version of code-server needs to be available on npm when this runs
 
@@ -21,20 +21,6 @@ main() {
     exit 1
   fi
 
-  ## Environment
-  # This string is used to determine how we should tag the npm release.
-  # Environment can be one of three choices:
-  # "development" - this means we tag with the PR number, allowing
-  # a developer to install this version with `yarn add code-server@<pr-number>`
-  # "staging" - this means we tag with `beta`, allowing
-  # a developer to install this version with `yarn add code-server@beta`
-  # "production" - this means we tag with `latest` (default), allowing
-  # a developer to install this version with `yarn add code-server@latest`
-  if ! is_env_var_set "ENVIRONMENT"; then
-    echo "ENVIRONMENT is not set. Cannot determine npm tag without ENVIRONMENT."
-    exit 1
-  fi
-
   ## Publishing Information
   # All the variables below are used to determine how we should publish
   # the npm package. We also use this information for bumping the version.
@@ -47,22 +33,52 @@ main() {
     exit 1
   fi
 
-  # We need TAG to know what to publish under on npm
-  # Options are "latest", "beta", or "<pr number >"
-  # See Environment comments above to know when each is used.
-  if ! is_env_var_set "NPM_TAG"; then
-    echo "NPM_TAG is not set. This is needed for tagging the npm release."
+  # We use this to grab the PR_NUMBER
+  if ! is_env_var_set "GITHUB_REF"; then
+    echo "GITHUB_REF is not set. Are you running this locally? We rely on values provided by GitHub."
+    exit 1
+  fi
+
+  # We use this when setting NPM_VERSION
+  if ! is_env_var_set "GITHUB_SHA"; then
+    echo "GITHUB_SHA is not set. Are you running this locally? We rely on values provided by GitHub."
     exit 1
   fi
 
-  echo "using tag: $NPM_TAG"
+  # We use this to determine the NPM_ENVIRONMENT
+  if ! is_env_var_set "GITHUB_EVENT_NAME"; then
+    echo "GITHUB_EVENT_NAME is not set. Are you running this locally? We rely on values provided by GitHub."
+    exit 1
+  fi
 
   # This allows us to publish to npm in CI workflows
   if [[ ${CI-} ]]; then
     echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
   fi
 
-  download_artifact npm-package ./release-npm-package
+  ## Environment
+  # This string is used to determine how we should tag the npm release.
+  # Environment can be one of three choices:
+  # "development" - this means we tag with the PR number, allowing
+  # a developer to install this version with `yarn add code-server@<pr-number>`
+  # "staging" - this means we tag with `beta`, allowing
+  # a developer to install this version with `yarn add code-server@beta`
+  # "production" - this means we tag with `latest` (default), allowing
+  # a developer to install this version with `yarn add code-server@latest`
+  if ! is_env_var_set "NPM_ENVIRONMENT"; then
+    echo "NPM_ENVIRONMENT is not set. Determining in script based on GITHUB environment variables."
+
+    if [[ "$GITHUB_EVENT_NAME" == 'push' && "$GITHUB_REF" == 'refs/heads/main' ]]; then
+      NPM_ENVIRONMENT="staging"
+    else
+      NPM_ENVIRONMENT="development"
+    fi
+
+    echo "Using npm environment: $NPM_ENVIRONMENT"
+  fi
+
+  # NOTE@jsjoeio - this script assumes we have the artifact downloaded on disk
+  # That happens in CI as a step before we run this.
   # https://github.com/actions/upload-artifact/issues/38
   tar -xzf release-npm-package/package.tar.gz
 
@@ -74,22 +90,40 @@ main() {
   # We only need to run npm version for "development" and "staging".
   # This is because our release:prep script automatically bumps the version
   # in the package.json and we commit it as part of the release PR.
-  if [[ "$ENVIRONMENT" == "production" ]]; then
+  if [[ "$NPM_ENVIRONMENT" == "production" ]]; then
     NPM_VERSION="$VERSION"
+    # This means the npm version will be published as "stable"
+    # and installed when a user runs `yarn install code-server`
+    NPM_TAG="latest"
   else
+    COMMIT_SHA="$GITHUB_SHA"
     echo "Not a production environment"
-    echo "Found environment: $ENVIRONMENT"
+    echo "Found environment: $NPM_ENVIRONMENT"
     echo "Manually bumping npm version..."
 
-    if ! is_env_var_set "PR_NUMBER_AND_COMMIT_SHA"; then
-      echo "PR_NUMBER_AND_COMMIT_SHA is not set. This is needed for setting the npm version in non-production environments."
-      exit 1
+    if [[ "$NPM_ENVIRONMENT" == "staging" ]]; then
+      NPM_VERSION="$VERSION-beta-$COMMIT_SHA"
+      # This means the npm version will be tagged with "beta"
+      # and installed when a user runs `yarn install code-server@beta`
+      NPM_TAG="beta"
+    fi
+
+    if [[ "$NPM_ENVIRONMENT" == "development" ]]; then
+      # Source: https://github.com/actions/checkout/issues/58#issuecomment-614041550
+      PR_NUMBER=$(echo "$GITHUB_REF" | awk 'BEGIN { FS = "/" } ; { print $3 }')
+      NPM_VERSION="$VERSION-$PR_NUMBER-$COMMIT_SHA"
+      # This means the npm version will be tagged with "<pr number>"
+      # and installed when a user runs `yarn install code-server@<pr number>`
+      NPM_TAG="$PR_NUMBER"
     fi
 
+    echo "using tag: $NPM_TAG"
+
     # We modify the version in the package.json
     # to be the current version + the PR number + commit SHA
+    # or we use current version + beta + commit SHA
     # Example: "version": "4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040"
-    NPM_VERSION="$VERSION-$PR_NUMBER_AND_COMMIT_SHA"
+    # Example: "version": "4.0.1-beta-ad7b23cfe6ffd72914e34781ef7721b129a23040"
     pushd release
     # NOTE:@jsjoeio
     # I originally tried to use `yarn version` but ran into issues and abandoned it.