name: 'Build and Release'

on:
  workflow_dispatch: # Allows manual triggering

jobs:
  create-release:
    permissions:
      contents: write
    runs-on: 'ubuntu-24.04'
    outputs:
      release_id: ${{ steps.create-release.outputs.result }}
      version: ${{ steps.get-version.outputs.version }}

    steps:
      - uses: actions/checkout@v4

      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: 'npm'

      - name: get version
        id: get-version
        run: |
          VERSION=$(node -p "require('./package.json').version")
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "Package version: $VERSION"

      - name: get changelog notes for version
        id: changelog
        env:
          VERSION: ${{ steps.get-version.outputs.version }}
        run: |
          NOTES="$(awk -v ver="$VERSION" '
            BEGIN { found=0 }
            $0 ~ "^## \\[" ver "\\] - " { found=1 }
            found {
              if ($0 ~ "^## \\[" && $0 !~ "^## \\[" ver "\\] - " ) exit
              print
            }
          ' CHANGELOG.md)"

          if [ -z "$NOTES" ]; then
            echo "No changelog entry found for version $VERSION" >&2
            exit 1
          fi

          {
            echo "notes<<EOF"
            echo "$NOTES"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"

      - name: install nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: update package.nix version, date, and npm hash
        env:
          VERSION: ${{ steps.get-version.outputs.version }}
        run: |
          # Get today's date in YYYY-MM-DD format
          TODAY=$(date -u +%Y-%m-%d)

          # Compute new npm deps hash from package-lock.json
          HASH=$(nix-shell -p prefetch-npm-deps --run "prefetch-npm-deps package-lock.json" 2>/dev/null)
          echo "New hash: $HASH"

          # Update version string (e.g. 1.5.5-unstable-2026-05-03)
          sed -i "s|version = \"[^\"]*\"|version = \"${VERSION}-unstable-${TODAY}\"|" package.nix

          # Update npm deps hash
          sed -i "s|hash = \"[^\"]*\"|hash = \"${HASH}\"|" package.nix

          echo "Updated package.nix:"
          grep -E 'version|hash' package.nix

      - name: commit updated package.nix
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add package.nix
          if [[ $(git status -s) ]]; then
            git commit -m "chore: update package.nix for v${{ steps.get-version.outputs.version }}"
            git push
          fi

      - name: create draft release
        id: create-release
        uses: actions/github-script@v6
        env:
          VERSION: ${{ steps.get-version.outputs.version }}
          NOTES: ${{ steps.changelog.outputs.notes }}
        with:
          script: |
            const { data } = await github.rest.repos.createRelease({
              owner: context.repo.owner,
              repo: context.repo.repo,
              tag_name: `v${process.env.VERSION}`,
              name: `v${process.env.VERSION}`,
              body: process.env.NOTES,
              draft: true,
              prerelease: false
            })
            return data.id

  build-tauri:
    needs: create-release
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: 'ubuntu-24.04'
            args: ''

    runs-on: ${{ matrix.platform }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: main

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: 'npm'

      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy

      - name: Rust cache
        uses: swatinem/rust-cache@v2
        with:
          workspaces: './src-tauri -> target'

      - name: Install system dependencies (Ubuntu)
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-0=2.44.0-2 \
            libwebkit2gtk-4.1-dev=2.44.0-2 \
            libjavascriptcoregtk-4.1-0=2.44.0-2 \
            libjavascriptcoregtk-4.1-dev=2.44.0-2 \
            gir1.2-javascriptcoregtk-4.1=2.44.0-2 \
            gir1.2-webkit2-4.1=2.44.0-2 \
            libappindicator3-dev \
            librsvg2-dev \
            patchelf \
            build-essential \
            curl \
            wget \
            file \
            libssl-dev \
            libgtk-3-dev

      - name: Install frontend dependencies
        run: npm ci

      - name: Build Tauri app with updater
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
        with:
          releaseId: ${{ needs.create-release.outputs.release_id }}
          projectPath: '.'
          includeDebug: false
          includeRelease: true
          includeUpdaterJson: true
          tauriScript: 'npm run tauri'
          args: ${{ matrix.args }}

  publish-release:
    name: Publish release
    needs: [create-release, build-tauri]
    runs-on: ubuntu-24.04
    permissions:
      contents: write

    steps:
      - name: Publish GitHub release (unset draft)
        uses: actions/github-script@v6
        with:
          script: |
            const release_id = Number("${{ needs.create-release.outputs.release_id }}");

            await github.rest.repos.updateRelease({
              owner: context.repo.owner,
              repo: context.repo.repo,
              release_id,
              draft: false
            });