name: Plan Release
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - master
  pull_request_target: # This workflow has permissions on the repo, do NOT run code from PRs in this workflow. See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
    types:
      - labeled
      - unlabeled

concurrency:
  group: plan-release # only the latest one of these should ever be running
  cancel-in-progress: true

jobs:
  should-run-release-plan-prepare:
    name: Should we run release-plan prepare?
    runs-on: ubuntu-latest
    outputs:
      should-prepare: ${{ steps.should-prepare.outputs.should-prepare }}
    steps:
      - uses: release-plan/actions/should-prepare-release@v1
        with:
          ref: "main"
        id: should-prepare

  create-prepare-release-pr:
    name: Create Prepare Release PR
    runs-on: ubuntu-latest
    timeout-minutes: 5
    needs: should-run-release-plan-prepare
    permissions:
      contents: write
      issues: read
      pull-requests: write
    if: needs.should-run-release-plan-prepare.outputs.should-prepare == 'true'
    steps:
      - uses: actions/checkout@v6
        # We need to download lots of history so that
        # github-changelog can discover what's changed since the last release
        with:
          fetch-depth: 0
          ref: "main"
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v6
        with:
          node-version: 24
          cache: pnpm
      - run: pnpm install --frozen-lockfile
      - name: "Generate Explanation and Prep Changelogs"
        id: explanation
        run: |
          echo "::group::Running release-plan prepare"
          set +e
          node ./dist/cli.js prepare 2> >(tee -a release-plan-stderr.txt >&2)

          if [ $? -ne 0 ]; then
            release_plan_output=$(cat release-plan-stderr.txt)
            echo "::error::Failed to run release-plan prepare $release_plan_output"
          else
            release_plan_output=$(jq .description .release-plan.json -r)
            rm release-plan-stderr.txt

            if [ $(jq '.solution | length' .release-plan.json) -eq 1 ]; then
              new_version=$(jq -r '.solution[].newVersion' .release-plan.json)
              echo "Outputs new-version: $new_version"
              echo "new_version=v$new_version" >> $GITHUB_OUTPUT
            else
              echo "Outputs new-version: More than one package, so no new-version"
            fi
          fi
          echo 'text<<EOF' >> $GITHUB_OUTPUT
          echo "$release_plan_output" >> $GITHUB_OUTPUT
          echo 'EOF' >> $GITHUB_OUTPUT
          echo "::endgroup::"
        shell: bash
        env:
          GITHUB_AUTH: ${{ secrets.GITHUB_TOKEN }}

      - uses: peter-evans/create-pull-request@v8
        name: Create Prepare Release PR
        with:
          commit-message: "Prepare Release ${{ steps.explanation.outputs.new-version}} using 'release-plan'"
          labels: "internal"
          sign-commits: true
          branch: release-preview
          title: Prepare Release ${{ steps.explanation.outputs.new-version }}
          body: |
            This PR is a preview of the release that [release-plan](https://github.com/release-plan/release-plan) has prepared. To release you should just merge this PR 👍

            -----------------------------------------

            ${{ steps.explanation.outputs.text }}