name: Prebuild, Create Release, Publish

on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    strategy:
      matrix:
        node-version: [22.x]
        os: [ubuntu-latest, windows-latest, macos-latest]
        target: ["18.0.0", "20.0.0", "22.0.0"]
    runs-on: ${{ matrix.os }}
    permissions:
      id-token: write
      contents: write
      attestations: write
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - if: runner.os == 'Linux'
        run: sudo apt-get install -y build-essential libgl1-mesa-dri libglapi-mesa
                                     libglew-dev libglu1-mesa-dev libosmesa6
                                     libxi-dev mesa-utils pkg-config
      - run: npm ci --ignore-scripts
      - name: Prebuild and Publish
        shell: bash
        run: node ./node_modules/prebuild/bin.js -t ${{ matrix.target }} --strip --include-regex "\.(node|dll)$" -u ${{ secrets.GITHUB_TOKEN }} --verbose
      - name: Prebuild and Publish (musl)
        if: runner.os == 'Linux'
        shell: bash
        run: node ./node_modules/prebuild/bin.js --libc=musl -t ${{ matrix.target }} --strip -u ${{ secrets.GITHUB_TOKEN }} --verbose
      - name: Attest
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: 'prebuilds/*.tar.gz'

  publish:
    name: Publish to NPM
    needs:
      - build
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - uses: actions/setup-node@v4
        with:
          node-version: '22.x'
          registry-url: 'https://registry.npmjs.org'
          cache: 'npm'
      - run: npm ci --ignore-scripts
      - run: npm publish --provenance --access public
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}