# Release pipeline: runs when a tag matching 'v*' is pushed.
name: Release

# Any account allowed to push a v* tag can start this workflow, which uses the
# signing and registry secrets referenced by the jobs; restrict who may create
# such tags in the repository settings.
on:
  push:
    tags:
      - 'v*'

# Workflow-wide default scope for GITHUB_TOKEN. Every job without its own
# `permissions:` block inherits contents: write, including jobs that run
# `npm ci` and project build scripts. Only a job that creates the GitHub
# release needs write access; other jobs can narrow this with a job-level
# `permissions:` block.
permissions:
  contents: write

jobs:
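  # Builds the macOS DMG/ZIP packages with a signing identity imported into a
  # temporary keychain, then hands them over as the mac-dmgs artifact.
  build-mac:
    runs-on: macos-latest
    timeout-minutes: 30
    # This job only reads the repository. Override the workflow-wide
    # contents: write so dependency install scripts and the build do not run
    # with a write-capable token.
    permissions:
      contents: read
    steps:
      # NOTE(review): actions here are referenced by movable major-version
      # tags; pinning each to a reviewed full commit SHA keeps a retagged
      # release from running next to the signing secrets.
      - uses: actions/checkout@v6
        with:
          # No later step pushes with git, so do not keep the job token
          # configured for git after checkout.
          persist-credentials: false

      - uses: actions/setup-node@v6
        with:
          node-version: 22
          cache: npm

      # Runs package install scripts; no secrets are exposed to this step.
      - name: Install dependencies
        run: npm ci

      - name: Import signing certificate
        env:
          CERTIFICATE_P12: ${{ secrets.CERTIFICATE_P12 }}
          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
        run: |
          # Keep the decoded certificate outside the checkout (so it cannot be
          # picked up by packaging globs) and delete it even if a later
          # command in this step fails.
          CERT_PATH="$RUNNER_TEMP/certificate.p12"
          trap 'rm -f "$CERT_PATH"' EXIT
          echo "$CERTIFICATE_P12" | base64 --decode > "$CERT_PATH"
          # The keychain password is a fixed string: it protects nothing beyond
          # the lifetime of the runner. On a persistent or self-hosted runner,
          # use a random secret and delete the keychain when the job ends.
          security create-keychain -p actions build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p actions build.keychain
          security import "$CERT_PATH" -k build.keychain -P "$CERTIFICATE_PASSWORD" -T /usr/bin/codesign
          # Allow codesign to use the imported key without an interactive prompt.
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k actions build.keychain

      # The Apple account secrets are exposed to this step only.
      # NOTE(review): presumably consumed for notarization; confirm against the
      # electron:build:mac script.
      - name: Build macOS DMGs
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
        run: npm run electron:build:mac

      - name: Upload DMGs + ZIPs + updater metadata
        uses: actions/upload-artifact@v7
        with:
          name: mac-dmgs
          path: |
            dist-electron/*.dmg
            dist-electron/*.dmg.blockmap
            dist-electron/*.zip
            dist-electron/*.zip.blockmap
            dist-electron/latest-mac*.yml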

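  # Builds the Windows installer and hands it over as the win-exe artifact.
  # NOTE(review): no signing material is passed to this job, so the installer
  # is unsigned unless the electron:build:win script signs it by other means.
  build-win:
    runs-on: windows-latest
    # This job only reads the repository. Override the workflow-wide
    # contents: write so dependency install scripts and the build do not run
    # with a write-capable token.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step pushes with git, so do not keep the job token
          # configured for git after checkout.
          persist-credentials: false

      - uses: actions/setup-node@v6
        with:
          node-version: 22
          cache: npm

      - name: Install dependencies
        run: npm ci

      - name: Build Windows installer
        run: npm run electron:build:win

      - name: Upload exe + updater metadata
        uses: actions/upload-artifact@v7
        with:
          name: win-exe
          path: |
            dist-electron/*.exe
            dist-electron/*.exe.blockmap
            dist-electron/latest*.yml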

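  # Builds the package and publishes it to the npm registry.
  # NOTE(review): this job has no `needs:`, so it publishes regardless of
  # whether the desktop builds or the GitHub release succeed.
  publish-npm:
    runs-on: ubuntu-latest
    # Publishing authenticates with the npm token, not GITHUB_TOKEN, so the
    # job token only needs to read the repository.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # No later step pushes with git, so do not keep the job token
          # configured for git after checkout.
          persist-credentials: false

      - uses: actions/setup-node@v6
        with:
          node-version: 22
          registry-url: https://registry.npmjs.org

      # Install and build run without the registry token in their environment.
      - name: Install dependencies
        run: npm ci

      - name: Build
        run: npm run build

      # The npm token is scoped to this step only; keep it that way so
      # dependency install and build scripts never see it.
      - name: Publish to npm
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}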

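  # Collects the macOS and Windows artifacts and attaches them to a GitHub
  # release for the pushed tag.
  release:
    needs: [build-mac, build-win]
    runs-on: ubuntu-latest
    # The only job that writes to the repository. Declared explicitly so the
    # release keeps working if the workflow-wide default is narrowed.
    permissions:
      contents: write
    steps:
      # Both downloads land in the same directory; the uploaded file names
      # (latest-mac*.yml vs latest*.yml, *.dmg/*.zip vs *.exe) are distinct.
      - uses: actions/download-artifact@v8
        with:
          name: mac-dmgs
          path: artifacts

      - uses: actions/download-artifact@v8
        with:
          name: win-exe
          path: artifacts

      # Third-party action running with contents: write. Pin it to a reviewed
      # full commit SHA rather than the movable v2 tag.
      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: artifacts/*
          generate_release_notes: true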
