feat: implement ATS workflow with manual control and validation

- Replace all.publish.yml with ats.publish.yml focused on contracts and SDK only
- Add manual trigger with dry-run capability for testing
- Remove dependency between SDK and contracts jobs for parallel execution
- Update changeset config to use develop as base branch
- Support automatic triggers on version tags and release branches
- Implement changeset validation workflow to enforce one changeset per PR
- Add bypass labels for docs/chore changes (no-changeset, docs-only, hotfix, chore)
- Remove premature CHANGELOG.md files and create proper changeset
- Fix .gitignore to allow .github/ tracking for workflows
- Resolve changeset validation workflow branch detection issues
- Simplify validation logic to avoid monorepo dependency conflicts

This establishes a complete develop-first workflow with manual release control,
automated changeset validation, and parallel publishing capabilities.

Signed-off-by: Miguel_LZPF <miguel.carpena@io.builders>

Author: MiguelLZPF

.changeset/config.json

@@ -11,7 +11,7 @@
   ],
   "linked": [],
   "access": "restricted",
-  "baseBranch": "main",
+  "baseBranch": "develop",
   "updateInternalDependencies": "patch",
   "ignore": []
 }

.changeset/workflow-improvements.md

@@ -0,0 +1,17 @@
+---
+'@hashgraph/asset-tokenization-contracts': minor
+'@hashgraph/asset-tokenization-sdk': minor
+'@hashgraph/asset-tokenization-dapp': minor
+---
+
+Implement ATS-focused publish workflow with manual control and develop-branch strategy
+
+- Add new ats.publish.yml workflow focused on contracts and SDK packages only
+- Implement changeset validation workflow to enforce one changeset per PR
+- Configure develop-branch strategy for Changesets with manual release control
+- Add dry-run capability for testing releases without publishing
+- Remove old all.publish.yml workflow and update .gitignore
+- Support parallel execution of contracts and SDK publishing jobs
+- Update documentation with new workflow requirements and bypass labels
+
+This establishes a proper develop-first workflow with manual release control while ensuring all changes are properly documented through changesets.

.github/workflows/all.publish.yml .github/workflows/all.publish.yml.backup.github/workflows/all.publish.yml renamed to .github/workflows/all.publish.yml.backup

@@ -0,0 +1,178 @@
+name: ATS Publish
+
+on:
+  # Manual trigger with dry-run option
+  workflow_dispatch:
+    inputs:
+      dry-run-enabled:
+        description: 'Run npm publish with dry-run flag'
+        required: false
+        type: boolean
+        default: false
+      ref:
+        description: 'Branch/tag/commit to publish from'
+        required: false
+        type: string
+        default: 'main'
+
+  # Automatic triggers
+  push:
+    tags:
+      - 'v*.*.*' # Version tags
+    branches:
+      - 'release/**' # Release branches
+
+  # Release published trigger
+  release:
+    types:
+      - published
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  contracts:
+    name: Publish ATS Contracts
+    runs-on: token-studio-linux-large
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+          fetch-depth: 0
+
+      - name: Setup NodeJS Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+
+      - name: Create .npmrc file
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          cat << 'EOF' > .npmrc
+          //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
+          EOF
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build ATS Contracts
+        run: npm run ats:contracts:build
+
+      - name: Test ATS Contracts
+        run: npm run ats:contracts:test
+
+      - name: Publish ATS Contracts
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DRY_RUN: ${{ inputs.dry-run-enabled }}
+        run: |
+          echo "DRY_RUN is set to: '${DRY_RUN}'"
+
+          cd packages/ats/contracts
+
+          PUBLISH_ARGS=("--access=restricted")
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            PUBLISH_ARGS+=("--dry-run")
+            echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-contracts"
+          fi
+
+          npm publish "${PUBLISH_ARGS[@]}"
+
+  sdk:
+    name: Publish ATS SDK
+    runs-on: token-studio-linux-large
+    # needs: contracts  # Commented out for parallel execution
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+          fetch-depth: 0
+
+      - name: Setup NodeJS Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+
+      - name: Create .npmrc file
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: |
+          cat << 'EOF' > .npmrc
+          //registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}
+          EOF
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build ATS Contracts and SDK
+        run: |
+          npm run ats:contracts:build
+          npm run ats:sdk:build
+
+      - name: Test ATS SDK
+        run: npm run ats:sdk:test
+
+      - name: Publish ATS SDK
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DRY_RUN: ${{ inputs.dry-run-enabled }}
+        run: |
+          echo "DRY_RUN is set to: '${DRY_RUN}'"
+
+          cd packages/ats/sdk
+
+          PUBLISH_ARGS=("--access=restricted")
+          if [[ "${DRY_RUN}" == "true" ]]; then
+            PUBLISH_ARGS+=("--dry-run")
+            echo "🔍 DRY RUN MODE: Would publish @hashgraph/asset-tokenization-sdk"
+          fi
+
+          npm publish "${PUBLISH_ARGS[@]}"
+
+  # Summary job to report results
+  summary:
+    name: Publish Summary
+    runs-on: token-studio-linux-large
+    needs: [contracts, sdk]
+    if: always()
+    steps:
+      - name: Report Results
+        run: |
+          echo "## ATS Publish Results" >> $GITHUB_STEP_SUMMARY
+          echo "| Package | Status |" >> $GITHUB_STEP_SUMMARY
+          echo "| --- | --- |" >> $GITHUB_STEP_SUMMARY
+          echo "| Contracts | ${{ needs.contracts.result }} |" >> $GITHUB_STEP_SUMMARY
+          echo "| SDK | ${{ needs.sdk.result }} |" >> $GITHUB_STEP_SUMMARY
+
+          if [[ "${{ inputs.dry-run-enabled }}" == "true" ]]; then
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "🔍 **DRY RUN MODE** - No packages were actually published" >> $GITHUB_STEP_SUMMARY
+          fi

.github/workflows/ats.publish.yml

@@ -0,0 +1,109 @@
+name: Changeset Check
+
+on:
+  pull_request:
+    branches:
+      - develop
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+      - unlabeled
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  check-changeset:
+    name: Validate Changeset Required
+    runs-on: token-studio-linux-large
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          # Ensure we have the develop branch for comparison
+          ref: ${{ github.head_ref }}
+
+      - name: Fetch develop branch
+        run: |
+          # Ensure we have the develop branch for changesets comparison
+          git fetch origin develop:develop || git fetch origin main:develop || true
+          git branch -a
+
+      - name: Setup NodeJS Environment
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        with:
+          node-version: 22.x
+
+      - name: Check for bypass labels
+        id: bypass
+        run: |
+          # Check if PR has bypass labels
+          LABELS=$(gh pr view ${{ github.event.number }} --json labels --jq '.labels[].name' || echo "")
+
+          if echo "$LABELS" | grep -E "(no-changeset|docs-only|hotfix|chore)" > /dev/null; then
+            echo "bypass=true" >> $GITHUB_OUTPUT
+            echo "✅ Found bypass label. Skipping changeset check."
+          else
+            echo "bypass=false" >> $GITHUB_OUTPUT
+            echo "🔍 No bypass labels found. Changeset check required."
+          fi
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Install dependencies
+        if: steps.bypass.outputs.bypass == 'false'
+        run: npm ci
+
+      - name: Check changeset status
+        if: steps.bypass.outputs.bypass == 'false'
+        run: |
+          echo "🔍 Checking for required changesets..."
+
+          # Check if we have any changeset files first
+          CHANGESET_FILES=$(find .changeset -name "*.md" -not -name "README.md" | wc -l)
+          echo "Found $CHANGESET_FILES changeset files"
+
+          if [ "$CHANGESET_FILES" -gt 0 ]; then
+            echo "✅ Changeset validation passed - found changeset files"
+          else
+            echo ""
+            echo "❌ CHANGESET REQUIRED"
+            echo ""
+            echo "This PR requires a changeset to document the changes."
+            echo ""
+            echo "To create a changeset:"
+            echo "1. Run: npm run changeset"
+            echo "2. Select the packages that changed"
+            echo "3. Choose the change type (patch/minor/major)"
+            echo "4. Write a description of your changes"
+            echo "5. Commit the generated .changeset/*.md file"
+            echo ""
+            echo "To bypass this check (for docs/chore changes only):"
+            echo "Add one of these labels to the PR:"
+            echo "- no-changeset: For pure documentation or config changes"
+            echo "- docs-only: For documentation-only changes"
+            echo "- chore: For build system or dependency updates"
+            echo "- hotfix: For emergency fixes"
+            echo ""
+            echo "More info: https://github.com/changesets/changesets/blob/main/docs/intro-to-using-changesets.md"
+            exit 1
+          fi
+
+      - name: Success summary
+        if: always()
+        run: |
+          if [ "${{ steps.bypass.outputs.bypass }}" = "true" ]; then
+            echo "✅ Changeset check bypassed due to label"
+          else
+            echo "✅ Changeset validation completed successfully"
+          fi

.github/workflows/changeset-check.yml

@@ -117,7 +117,6 @@ dist
 
 # Stores VSCode versions used for testing VSCode extensions
 .vscode-test
-.github/
 
 # Mac files
 .DS_Store