name: Trigger Release
on: 
  push:
    branches:
      - master
jobs:
  get_pull_request:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets._GITHUB_TOKEN }}

      - name: Get the PR that this merge came from
        uses: actions-ecosystem/action-get-merged-pull-request@136e2f3a66a0d28e8d85094e1042ddbe5abea267
        id: get-merged-pull-request
        with:
          github_token: ${{ secrets._GITHUB_TOKEN }}
    outputs:
      pull_request_labels: ${{ steps.get-merged-pull-request.outputs.labels }}
      pull_request_title: ${{ steps.get-merged-pull-request.outputs.title }}
      pull_request_body: ${{ steps.get-merged-pull-request.outputs.body }}
    
  bump_version:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    needs: 
      - get_pull_request
    if: ${{ contains(needs.get_pull_request.outputs.pull_request_labels, 'release/patch') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/minor') || contains(needs.get_pull_request.outputs.pull_request_labels, 'release/major') }}
    steps:
      - name: Check out repository code
        uses: actions/checkout@v2
        with:
          token: ${{ secrets._GITHUB_TOKEN }}

      - uses: actions/setup-node@v2
        with:
          node-version: 24

      - name: Set up Artifactory Auth with OIDC
        uses: jfrog/setup-jfrog-cli@v4
        env:
          JF_URL: https://artifactory.coxautoinc.com
        with:
          oidc-provider-name: gh-public

      - name: Configure npm to use Artifactory
        run: |
          jf npm-config --repo-resolve cai-npm --server-id-resolve setup-jfrog-cli-server

      - name: Set github user
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email 'github-actions[bot]@users.noreply.github.com'

      - name: install dependencies
        run: jf npm ci

      - name: Get the release level (major/minor/patch) from the labels
        uses: actions-ecosystem/action-release-label@955bf130fba6be3d99d2c14457d0dc7f176bc563
        id: release-label
        if: ${{ needs.get_pull_request.outputs.pull_request_title != null }}
        with:
          labels: ${{ needs.get_pull_request.outputs.pull_request_labels }}

      - name: skip non-merge pushes
        if: ${{ needs.get_pull_request.outputs.pull_request_title == null }}
        run: echo "skipping build since this is not a merge of a pull request" && exit 1

      - name: skip merges without a release label
        if: ${{ steps.release-label.outputs.level == null }}
        run: echo "skipping build since there is no release label on the merged PR" && exit 1

      - name: update the date in changelog.txt (if needed)
        run: |
          echo "★ Release Notes: $(date +%Y-%m-%d) ★" > changelog.temp.txt
          tail -n +2 changelog.txt >> changelog.temp.txt
          if [[ ! $(cmp --silent changelog.txt changelog.temp.txt ) ]]; then
            mv changelog.temp.txt changelog.txt
            git add changelog.txt
            git commit -m 'updates changelog.txt' --allow-empty
          fi

      - name: Bump both git-tag and package.json version
        run: npm version "${{ steps.release-label.outputs.level }}" -m "${{ needs.get_pull_request.outputs.pull_request_title }}"

      # Temporarily disable and reenable enforce administrators
      - name: Temporarily disable "include administrators" branch protection
        uses: benjefferies/branch-protection-bot@1.0.9
        if: always()
        with:
          access_token: ${{ secrets._GITHUB_TOKEN }}
          owner: Cox-Automotive
          repo: alks-cli
          enforce_admins: false

      - name: Commit & Push changes
        uses: ad-m/github-push-action@8407731efefc0d8f72af254c74276b7a90be36e1
        with:
          github_token: ${{ secrets._GITHUB_TOKEN }}
          branch: ${{ github.ref }}
          force: true # have to do this since there's a branch protection on master
          tags: true

      - name: Enable "include administrators" branch protection
        uses: benjefferies/branch-protection-bot@1.0.9
        if: always()  # Force to always run this step to ensure "include administrators" is always turned back on
        with:
          access_token: ${{ secrets._GITHUB_TOKEN }}
          owner: Cox-Automotive
          repo: alks-cli
          enforce_admins: true

      - name: Get the latest tag
        id: previoustag
        uses: WyriHaximus/github-action-get-previous-tag@8656db79964f6757c940965c172d371ceedc8a7f
        with:
          fallback: 0.0.1 # Optional fallback tag to use when no tag can be found

      - uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets._GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.previoustag.outputs.tag }}
          release_name: ${{ steps.previoustag.outputs.tag }}
          body: ${{ needs.get_pull_request.outputs.pull_request_body }}

      - name: Build the project
        run: npm run build

      - name: Configure npm for npmjs publishing
        run: |
          echo "registry=https://registry.npmjs.org/" > .npmrc

      - name: Publish to npm with OIDC provenance
        run: |
          unset NODE_AUTH_TOKEN
          npm publish --provenance --access public