name: Create Release

on:
  push:
    tags:
      - "*"

permissions:
  id-token: write
  contents: write

jobs:
  set-version:
    name: Set version number
    runs-on: open-source-releaser
    outputs:
      version: ${{ steps.get_version.outputs.tag }}
      is_prerelease: ${{ steps.check_prerelease.outputs.is_prerelease }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set version number
        id: get_version
        run: |
          version="${{ github.ref_name }}"
          echo "tag=$version" >> $GITHUB_OUTPUT

      - name: Check if pre-release
        id: check_prerelease
        run: |
          TAG="${{ steps.get_version.outputs.tag }}"
          if echo "$TAG" | grep -Eq '(^|[.-])(alpha|beta|rc|pre)([.-]?[0-9]+)?$'; then
            IS_PRERELEASE=true
          else
            IS_PRERELEASE=false
          fi
          echo "is_prerelease=$IS_PRERELEASE" >> $GITHUB_OUTPUT
          echo "Tag $TAG is pre-release: $IS_PRERELEASE"

  create-binaries:
    needs: set-version
    uses: ./.github/workflows/create-artifact.yml
    with:
      version: ${{ needs.set-version.outputs.version }}

  publish-binaries:
    name: Publish to GitHub release
    needs: [set-version, create-binaries]
    runs-on: open-source-releaser
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Download all binary artifacts
        uses: actions/download-artifact@v4
        with:
          path: binaries/
          pattern: safe-chain-*
          merge-multiple: false

      - name: Rename binaries to include platform and architecture
        run: |
          mkdir release-artifacts
          mv binaries/safe-chain-macos-x64/safe-chain release-artifacts/safe-chain-macos-x64
          mv binaries/safe-chain-macos-arm64/safe-chain release-artifacts/safe-chain-macos-arm64
          mv binaries/safe-chain-linux-x64/safe-chain release-artifacts/safe-chain-linux-x64
          mv binaries/safe-chain-linux-arm64/safe-chain release-artifacts/safe-chain-linux-arm64
          mv binaries/safe-chain-linuxstatic-x64/safe-chain release-artifacts/safe-chain-linuxstatic-x64
          mv binaries/safe-chain-linuxstatic-arm64/safe-chain release-artifacts/safe-chain-linuxstatic-arm64
          mv binaries/safe-chain-win-x64/safe-chain.exe release-artifacts/safe-chain-win-x64.exe
          mv binaries/safe-chain-win-arm64/safe-chain.exe release-artifacts/safe-chain-win-arm64.exe

      - name: Move install scripts and hard-code version
        env:
          VERSION: ${{ needs.set-version.outputs.version }}
        run: |
          sed "s/\$(fetch_latest_version)/${VERSION}/" install-scripts/install-safe-chain.sh > release-artifacts/install-safe-chain.sh
          sed "s/\$Version = Get-LatestVersion/\$Version = \"${VERSION}\"/" install-scripts/install-safe-chain.ps1 > release-artifacts/install-safe-chain.ps1
          cp install-scripts/uninstall-safe-chain.sh release-artifacts/uninstall-safe-chain.sh
          cp install-scripts/uninstall-safe-chain.ps1 release-artifacts/uninstall-safe-chain.ps1
          cp install-scripts/install-endpoint-mac.sh release-artifacts/install-endpoint-mac.sh
          cp install-scripts/install-endpoint-windows.ps1 release-artifacts/install-endpoint-windows.ps1
          cp install-scripts/uninstall-endpoint-mac.sh release-artifacts/uninstall-endpoint-mac.sh
          cp install-scripts/uninstall-endpoint-windows.ps1 release-artifacts/uninstall-endpoint-windows.ps1

      - name: Upload binaries to existing GitHub Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh release upload ${{ needs.set-version.outputs.version }} \
            release-artifacts/safe-chain-macos-x64 \
            release-artifacts/safe-chain-macos-arm64 \
            release-artifacts/safe-chain-linux-x64 \
            release-artifacts/safe-chain-linux-arm64 \
            release-artifacts/safe-chain-linuxstatic-x64 \
            release-artifacts/safe-chain-linuxstatic-arm64 \
            release-artifacts/safe-chain-win-x64.exe \
            release-artifacts/safe-chain-win-arm64.exe \
            release-artifacts/install-safe-chain.sh \
            release-artifacts/install-safe-chain.ps1 \
            release-artifacts/uninstall-safe-chain.sh \
            release-artifacts/uninstall-safe-chain.ps1 \
            release-artifacts/install-endpoint-mac.sh \
            release-artifacts/install-endpoint-windows.ps1 \
            release-artifacts/uninstall-endpoint-mac.sh \
            release-artifacts/uninstall-endpoint-windows.ps1

  publish-npm:
    name: Publish to npm
    needs: [set-version, create-binaries]
    if: needs.set-version.outputs.is_prerelease != 'true'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "lts/*"
          registry-url: "https://registry.npmjs.org/"
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}

      - name: Setup safe-chain
        run: curl -fsSL https://github.com/AikidoSec/safe-chain/releases/latest/download/install-safe-chain.sh | sh -s -- --ci

      - name: Set the version in safe-chain package
        run: npm --no-git-tag-version version ${{ needs.set-version.outputs.version }} --workspace=packages/safe-chain

      - name: Install dependencies
        run: npm ci

      - name: Run tests
        run: npm run test

      - name: Copy documentation files to package
        run: |
          cp README.md packages/safe-chain/
          cp LICENSE packages/safe-chain/
          cp -r docs packages/safe-chain/

      - name: Publish to npm
        run: |
          echo "Publishing version ${{ needs.set-version.outputs.version }} to NPM"
          npm publish --workspace=packages/safe-chain --access public --provenance