name: Build (artifact)

on:
  workflow_dispatch:
  push:
    branches: [ "master" ]

jobs:
  build:
    runs-on: ubuntu-latest
    if: "!contains(github.event.head_commit.message, '[CI-SKIP]')"

    steps:
      - name: Checkout
        uses: https://github.com/actions/checkout@v4

      - name: Setup Go
        uses: https://github.com/actions/setup-go@v5
        with:
          go-version: "1.25"

      - name: Install protoc
        run: |
          sudo apt-get update
          sudo apt-get install -y protobuf-compiler

      - name: Install Go protobuf plugins
        run: |
          go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
          go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
          echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - name: Read VERSION from Makefile
        shell: bash
        run: |
          VERSION="$(awk -F':=' '/^VERSION[[:space:]]*:=/ {gsub(/[[:space:]]/,"",$2); print $2; exit}' Makefile)"
          if [ -z "$VERSION" ]; then
            echo "Failed to read VERSION from Makefile" >&2
            exit 1
          fi
          echo "VERSION=$VERSION" >> $GITHUB_ENV

      - name: Get latest commit message
        run: echo "COMMIT_MSG=$(git log -1 --pretty=%s)" >> $GITHUB_ENV

      - name: Build
        run: make build

      - name: Upload artifact
        uses: https://github.com/actions/upload-artifact@v3
        with:
          name: certman-${{ env.VERSION }}-amd64.zip
          path: bin/
          if-no-files-found: error

      - name: Create release and upload binary
        run: |
            BODY=$(jq -n --arg tag "v${{ env.VERSION }}" --arg msg "$COMMIT_MSG" \
              '{tag_name: $tag, name: $tag, body: $msg, draft: false, prerelease: false}')
            # Create the release
            RELEASE_RESPONSE=$(curl --fail --silent --show-error \
              -X POST \
              -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
              -H "Content-Type: application/json" \
              -d '{
                "tag_name": "v${{ env.VERSION }}",
                "name": "v${{ env.VERSION }}",
                "body": $BODY,
                "draft": false,
                "prerelease": false
              }' \
              "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases")
            
            # Extract the release ID
            RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
            if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
              echo "Failed to create release" >&2
              echo "$RELEASE_RESPONSE" >&2
              exit 1
            fi
            
            # Upload the binaries as release attachments
            for binary in bin/*; do
              FILENAME=$(basename "$binary")
              echo "Uploading $FILENAME..."
              curl --fail --silent --show-error \
                -X POST \
                -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
                -H "Content-Type: application/octet-stream" \
                --upload-file "$binary" \
                "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/$RELEASE_ID/assets?name=$FILENAME"
            done