name: Build and Release

on:
  push:
    tags:
      - "v*"

permissions:
  contents: write

env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

jobs:
  prepare-release:
    runs-on: ubuntu-latest
    steps:
      - name: Mark release as pre-release (building)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail
          TAG="$GITHUB_REF_NAME"
          REPO="$GITHUB_REPOSITORY"
          # Create or update the release as a pre-release with a placeholder note
          if gh release view "$TAG" --repo "$REPO" > /dev/null 2>&1; then
            gh release edit "$TAG" --repo "$REPO" --prerelease --notes $'## ⚠️ 正在自动构建中，请勿下载\n\n各平台安装包正在构建，完成后将自动更新本页面并正式发布。\n\n**请勿在此期间下载任何文件。**'
          else
            gh release create "$TAG" --repo "$REPO" --prerelease --title "$TAG" --notes $'## ⚠️ 正在自动构建中，请勿下载\n\n各平台安装包正在构建，完成后将自动更新本页面并正式发布。\n\n**请勿在此期间下载任何文件。**'
          fi

  release-mac-arm64:
    runs-on: macos-14
    needs: prepare-release

    steps:
      - name: Check out git repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 24
          cache: "npm"

      - name: Install Dependencies
        run: npm install

      - name: Sync version with tag
        shell: bash
        run: |
          VERSION=${GITHUB_REF_NAME#v}
          echo "Syncing package.json version to $VERSION"
          npm version $VERSION --no-git-tag-version --allow-same-version

      - name: Build Frontend & Type Check
        run: |
          npx tsc
          npx vite build

      - name: Package and Publish macOS arm64 (unsigned DMG)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CSC_IDENTITY_AUTO_DISCOVERY: "false"
        run: |
          npx electron-builder --mac dmg --arm64 --publish always

  release-linux:
    runs-on: ubuntu-latest
    needs: prepare-release

    steps:
      - name: Check out git repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 24
          cache: "npm"

      - name: Install Dependencies
        run: npm install

      - name: Sync version with tag
        shell: bash
        run: |
          VERSION=${GITHUB_REF_NAME#v}
          echo "Syncing package.json version to $VERSION"
          npm version $VERSION --no-git-tag-version --allow-same-version

      - name: Build Frontend & Type Check
        run: |
          npx tsc
          npx vite build

      - name: Package and Publish Linux
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          npx electron-builder --linux --publish always

  release:
    runs-on: windows-latest
    needs: prepare-release

    steps:
      - name: Check out git repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 24
          cache: 'npm'

      - name: Install Dependencies
        run: npm install

      - name: Sync version with tag
        shell: bash
        run: |
          VERSION=${GITHUB_REF_NAME#v}
          echo "Syncing package.json version to $VERSION"
          npm version $VERSION --no-git-tag-version --allow-same-version

      - name: Build Frontend & Type Check
        run: |
          npx tsc
          npx vite build

      - name: Package and Publish
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          npx electron-builder --win nsis --x64 --publish always "-c.artifactName=\${productName}-\${version}-x64-Setup.\${ext}"

  release-windows-arm64:
    runs-on: windows-latest
    needs: prepare-release

    steps:
      - name: Check out git repository
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install Node.js
        uses: actions/setup-node@v5
        with:
          node-version: 24
          cache: 'npm'

      - name: Install Dependencies
        run: npm install

      - name: Sync version with tag
        shell: bash
        run: |
          VERSION=${GITHUB_REF_NAME#v}
          echo "Syncing package.json version to $VERSION"
          npm version $VERSION --no-git-tag-version --allow-same-version

      - name: Build Frontend & Type Check
        run: |
          npx tsc
          npx vite build

      - name: Package and Publish Windows arm64
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          npx electron-builder --win nsis --arm64 --publish always -c.publish.channel=latest-arm64 "-c.artifactName=\${productName}-\${version}-arm64-Setup.\${ext}"

  update-release-notes:
    runs-on: ubuntu-latest
    needs:
      - release-mac-arm64
      - release-linux
      - release
      - release-windows-arm64

    steps:
      - name: Fix latest.yml to point to x64 installer
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail
          TAG="$GITHUB_REF_NAME"
          VERSION="${TAG#v}"
          REPO="$GITHUB_REPOSITORY"

          # Find the x64 exe asset name
          ASSETS_JSON="$(gh release view "$TAG" --repo "$REPO" --json assets)"
          X64_ASSET="$(echo "$ASSETS_JSON" | jq -r '[.assets[].name | select(test("x64.*\\.exe$"))][0] // ""')"
          if [ -z "$X64_ASSET" ]; then
            X64_ASSET="$(echo "$ASSETS_JSON" | jq -r '[.assets[].name | select(test("\\.exe$")) | select(test("arm64") | not)][0] // ""')"
          fi

          if [ -z "$X64_ASSET" ]; then
            echo "ERROR: Could not find x64 exe asset"
            exit 1
          fi

          echo "Downloading x64 installer: $X64_ASSET"
          gh release download "$TAG" --repo "$REPO" --pattern "$X64_ASSET" --dir /tmp/weflow-x64

          SHA512_B64="$(sha512sum "/tmp/weflow-x64/$X64_ASSET" | awk '{print $1}' | xxd -r -p | base64 -w 0)"
          SIZE="$(stat -c%s "/tmp/weflow-x64/$X64_ASSET")"
          RELEASE_DATE="$(gh release view "$TAG" --repo "$REPO" --json publishedAt -q .publishedAt)"

          cat > /tmp/latest.yml <<YMLEOF
          version: $VERSION
          files:
            - url: $X64_ASSET
              sha512: $SHA512_B64
              size: $SIZE
          path: $X64_ASSET
          sha512: $SHA512_B64
          releaseDate: '$RELEASE_DATE'
          YMLEOF

          # Strip leading spaces (heredoc indentation)
          sed -i 's/^          //' /tmp/latest.yml
          cat /tmp/latest.yml

          gh release upload "$TAG" --repo "$REPO" /tmp/latest.yml --clobber
          echo "latest.yml updated successfully to point to $X64_ASSET"

      - name: Generate release notes with platform download links
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail

          TAG="$GITHUB_REF_NAME"
          REPO="$GITHUB_REPOSITORY"
          RELEASE_PAGE="https://github.com/$REPO/releases/tag/$TAG"

          ASSETS_JSON="$(gh release view "$TAG" --repo "$REPO" --json assets)"

          pick_asset() {
            local pattern="$1"
            echo "$ASSETS_JSON" | jq -r --arg p "$pattern" '[.assets[].name | select(test($p))][0] // ""'
          }

          WINDOWS_ASSET="$(echo "$ASSETS_JSON" | jq -r '[.assets[].name | select(test("x64.*\\.exe$"))][0] // ""')"
          if [ -z "$WINDOWS_ASSET" ]; then
            WINDOWS_ASSET="$(echo "$ASSETS_JSON" | jq -r '[.assets[].name | select(test("\\.exe$")) | select(test("arm64") | not)][0] // ""')"
          fi
          WINDOWS_ARM64_ASSET="$(echo "$ASSETS_JSON" | jq -r '[.assets[].name | select(test("arm64.*\\.exe$"))][0] // ""')"
          MAC_ASSET="$(pick_asset "\\.dmg$")"
          LINUX_TAR_ASSET="$(pick_asset "\\.tar\\.gz$")"
          LINUX_APPIMAGE_ASSET="$(pick_asset "\\.AppImage$")"

          build_link() {
            local name="$1"
            if [ -n "$name" ]; then
              echo "https://github.com/$REPO/releases/download/$TAG/$name"
            fi
          }

          WINDOWS_URL="$(build_link "$WINDOWS_ASSET")"
          WINDOWS_ARM64_URL="$(build_link "$WINDOWS_ARM64_ASSET")"
          MAC_URL="$(build_link "$MAC_ASSET")"
          LINUX_TAR_URL="$(build_link "$LINUX_TAR_ASSET")"
          LINUX_APPIMAGE_URL="$(build_link "$LINUX_APPIMAGE_ASSET")"

          cat > release_notes.md <<EOF
          ## 更新日志
          修复了一些已知问题

          ## 查看更多日志/获取最新动态
          [点击加入 Telegram 频道](https://t.me/weflow_cc)

          ## 下载
          - Windows x64（Win10+）: ${WINDOWS_URL:-$RELEASE_PAGE}
          - Windows arm64: ${WINDOWS_ARM64_URL:-$RELEASE_PAGE}
          - macOS（M系列芯片）: ${MAC_URL:-$RELEASE_PAGE}
          - Linux (.tar.gz): ${LINUX_TAR_URL:-$RELEASE_PAGE}
          - linux (.AppImage): ${LINUX_APPIMAGE_URL:-$RELEASE_PAGE}

          ## macOS 安装提示（未知来源）
          - 若打开时提示“来自未知开发者”或“无法验证开发者”，请到「系统设置 -> 隐私与安全性」中允许打开该应用。
          - 如果仍被系统拦截，请在终端执行以下命令去除隔离标记：
          - xattr -rd com.apple.quarantine /Applications/WeFlow.app
          - 执行后重新打开 WeFlow。

          > 如果某个平台链接暂时未生成，可进入完整发布页查看全部资源：$RELEASE_PAGE
          EOF

          gh release edit "$TAG" --repo "$REPO" --notes-file release_notes.md

      - name: Mark release as published (no longer pre-release)
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        shell: bash
        run: |
          set -euo pipefail
          gh release edit "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" --latest --draft=false --prerelease=false