name: Release

on:
  workflow_dispatch:
  push:
    branches:
      - master
    tags:
      - v*.*.*

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}

jobs:
  dockerize:
    environment: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || '' }}
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            ghcr.io/logto-io/logto
            svhd/logto
          # https://github.com/docker/metadata-action#typesemver
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=raw,enable=${{ startsWith(github.ref, 'refs/tags/v') }},value=prerelease
            type=edge

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: silverhand-bot
          password: ${{ secrets.BOT_PAT }}

      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  deploy-dev:
    runs-on: ubuntu-latest
    needs: dockerize
    environment: dev
    if: ${{ !startsWith(github.ref, 'refs/tags/') }}

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node and pnpm
        uses: silverhand-io/actions-node-pnpm-run-steps@v2

      - name: Deploy alteration
        run: |
          pnpm prepack
          pnpm cli db alt deploy next
        env:
          DB_URL: ${{ secrets.DB_URL_DEV }}

      - name: Login via Azure CLI
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
      
      - name: Deploy to containerapp
        uses: azure/webapps-deploy@v2
        with:
          app-name: logto-dev
          images: svhd/logto:edge

  # Publish packages and create git tags if needed
  publish-and-tag:
    runs-on: ubuntu-latest
    env:
      NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }}

    if: ${{ !startsWith(github.ref, 'refs/tags/') }}

    steps:
      - uses: actions/checkout@v3
        with:
          # Set Git operations with the bot PAT since we have tag protection rule
          token: ${{ secrets.BOT_PAT }}
          fetch-depth: 0

      - name: Setup Node and pnpm
        uses: silverhand-io/actions-node-pnpm-run-steps@v2

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.BOT_GPG_KEY }}
          passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true
          git_tag_gpgsign: true

      - name: Configure Git user
        run: |
          git config --global user.email bot@silverhand.io
          git config --global user.name silverhand-bot

      - name: Publish
        run: node .scripts/publish.js

  create-github-release:
    environment: release
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')

    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup Node and pnpm
        uses: silverhand-io/actions-node-pnpm-run-steps@v2

      - name: Build
        run: pnpm -r build

      - name: Package
        run: ./.scripts/package.sh

      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          token: ${{ secrets.BOT_PAT }}
          body: <Release notes WIP>
          files: /tmp/logto.tar.gz