.github/workflows/release.yaml

name: release

on:
  push:
    tags:
      - v[0-9]+.[0-9]+.[0-9]+*

jobs:
  validate:
    uses: ./.github/workflows/validate.yaml

  parse_tag:
    runs-on: ubuntu-22.04
    outputs:
      is_stable_version: ${{ steps.parse.outputs.is_stable_version }}
      version: ${{ steps.parse.outputs.version }}
    steps:
      - id: parse
        run: |
          echo "is_stable_version=$([[ $GITHUB_REF_NAME =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] && echo true || echo false)" >> $GITHUB_OUTPUT
          echo "version=${GITHUB_REF_NAME:1}" >> $GITHUB_OUTPUT

  pypi:
    needs: validate
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --upgrade poetry
          poetry install
      - run: poetry build
      - uses: actions/upload-artifact@v3
        with:
          name: pypi
          path: dist/*
          if-no-files-found: error
      - uses: pypa/gh-action-pypi-publish@release/v1

  brew:
    # the Formula references the rclip package published to PyPI
    needs: [validate, parse_tag, pypi]
    if: needs.parse_tag.outputs.is_stable_version == 'true'
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --upgrade poetry
          poetry install
      - name: Setup git
        run: |
          git config --global user.email "zhibot.gh@gmail.com"
          git config --global user.name "Zhi Bot"
      - run: make release-brew
        env:
          GITHUB_TOKEN: ${{ secrets.ZHIBOT_GITHUB_TOKEN }}

  snap:
    needs: [validate, parse_tag]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4
      - uses: canonical/setup-lxd@main
      - name: Configure git for "snapcraft remote-build"
        run: |
          git config --global user.email "yurij@mikhalevi.ch"
          git config --global user.name "Yurij Mikhalevich"
      - name: Setup launchpad creds
        run: |
          mkdir -p ~/.local/share/snapcraft/provider/launchpad
          echo "${{ secrets.LAUNCHPAD_CREDENTIALS }}" > ~/.local/share/snapcraft/provider/launchpad/credentials
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --upgrade poetry
          poetry install
      - name: Build wheel
        run: |
          poetry build
          mkdir snap/local
          cp -v dist/rclip-*.tar.gz snap/local
      - run: sudo snap install snapcraft --classic
      - name: Build arm64 snap remotely
        run: |
          export SNAPCRAFT_REMOTE_BUILD_STRATEGY="force-fallback"
          snapcraft remote-build --launchpad-accept-public-upload --build-for arm64
      - name: Build amd64 snap locally
        run: snapcraft --use-lxd --build-for amd64
      - name: Validate built snap
        run: |
          sudo snap install rclip_*_amd64.snap --dangerous
          rclip cat
      - name: Upload snaps to the beta channel
        run: |
          for snap in *.snap; do
            snapcraft upload --release=beta "$snap"
          done
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }}
      - name: Promote snaps to the stable channel
        if: needs.parse_tag.outputs.is_stable_version == 'true'
        run: snapcraft promote --from-channel=beta --to-channel=stable --yes rclip
        env:
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }}
      - name: Rename snaps for GitHub releases page
        run: |
          for snap in *.snap; do
            mv "$snap" "${snap//_/-}"
          done
      - uses: actions/upload-artifact@v3
        with:
          name: snap
          path: rclip-*.snap
          if-no-files-found: error

  appimage:
    needs: [parse_tag, validate]
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - name: Set up APPDIR for after_bundle
        run: echo "APPDIR=$PWD/AppDir" >> $GITHUB_ENV
      - name: Build AppImage
        uses: AppImageCrafters/build-appimage@v1.3
        with:
          recipe: './release-utils/appimage/appimage-builder.yml'
        env:
          APP_VERSION: ${{ needs.parse_tag.outputs.version }}
      - name: Rename AppImage for GitHub releases page
        run: mv rclip-${{ needs.parse_tag.outputs.version }}-x86_64.AppImage rclip-${{ needs.parse_tag.outputs.version }}-amd64.AppImage
      - uses: actions/upload-artifact@v3
        with:
          name: appimage
          path: rclip-*.AppImage
          if-no-files-found: error

  windows:
    needs: [parse_tag, validate]
    if: needs.parse_tag.outputs.is_stable_version == 'true'
    runs-on: windows-2022
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install --upgrade poetry
          poetry install
          poetry run pip install pyinstaller==6.10.0
      - run: make build-windows
      - name: Install Advinst
        uses: caphyon/advinst-github-action@main
        with:
          advinst-version: '21.1'
          advinst-enable-automation: 'true'
      - run: |
          & ./release-utils/windows/build-msi.ps1 "${{ needs.parse_tag.outputs.version }}"
          mv build-msi/rclip-SetupFiles/rclip.msi build-msi/rclip-SetupFiles/rclip-${{ needs.parse_tag.outputs.version }}.msi
      - name: Sign MSI
        run: |
          mkdir signed
          Invoke-WebRequest -URI https://ee2cc1f8.rocketcdn.me/wp-content/uploads/2023/11/CodeSignTool-v1.2.7-windows.zip -OutFile CodeSignTool.zip
          if ( ( Get-FileHash -Algorithm SHA256 CodeSignTool.zip ).Hash -ne 'AC9CDBFF6D482DBC1107ABC8789570F57ECF85773332BBA466CB3E00CE0BB841' ) { throw 'hash does not match' }
          Expand-Archive -Path CodeSignTool.zip -DestinationPath .
          cd CodeSignTool-v1.2.7-windows
          & ./CodeSignTool.bat sign -input_file_path="${env:GITHUB_WORKSPACE}/build-msi/rclip-SetupFiles/rclip-${{ needs.parse_tag.outputs.version }}.msi" -username=${{ secrets.WINDOWS_SIGNING_USERNAME }} -credential_id='${{ secrets.WINDOWS_SIGNING_CREDENTIAL_ID }}' -password='${{ secrets.WINDOWS_SIGNING_PASSWORD }}' -totp_secret='${{ secrets.WINDOWS_SIGNING_TOTP_SECRET }}' -output_dir_path="${env:GITHUB_WORKSPACE}/signed"
      - uses: actions/upload-artifact@v3
        with:
          name: windows
          path: signed/rclip-*.msi
          if-no-files-found: error

  windows-validate:
    needs: [parse_tag, windows]
    runs-on: windows-2022
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: windows
      - name: Install MSI
        run: Start-Process msiexec.exe -Wait -ArgumentList '/i rclip-${{ needs.parse_tag.outputs.version }}.msi /quiet'
      - name: Ensure it works
        run: |
          Import-Module "$env:ChocolateyInstall/helpers/chocolateyInstaller.psm1"
          refreshenv
          rclip cat

  create_release:
    needs: [parse_tag, pypi, snap, appimage, windows-validate]
    # the windows job doesn't run for pre-releases, but we need to create a release for pre-releases too
    if: ${{ !cancelled() }}
    runs-on: ubuntu-22.04
    steps:
      # if any of the needs jobs fail, we don't want to create a release
      # this is needed because of `if: ${{ !cancelled() }}` above
      - if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1
      - uses: actions/checkout@v3
      - uses: actions/download-artifact@v3
        with:
          path: artifacts/
      - name: Generate Changelog
        run: |
          git fetch --unshallow
          PREVIOUS_TAG="$(git describe --abbrev=0 --tags $(git rev-list --tags --skip=1 --max-count=1))"
          git --no-pager log --pretty="format:- %s" $PREVIOUS_TAG..$GITHUB_REF_NAME > release_changelog.md
          cat release_changelog.md
      - name: Create Release
        uses: ncipollo/release-action@v1
        with:
          name: ${{ github.ref_name }}
          artifacts: artifacts/pypi/rclip-*,artifacts/snap/rclip-*.snap,artifacts/appimage/rclip-*.AppImage,artifacts/windows/rclip-*.msi
          bodyFile: release_changelog.md
          prerelease: ${{ needs.parse_tag.outputs.is_stable_version == 'false' }}
          token: ${{ secrets.GITHUB_TOKEN }}