.github/workflows/publish.yml

name: "publish"

# change this when ready to release if you want CI/CD
on: workflow_dispatch

env:
  CN_APPLICATION: cap/cap
  APP_CARGO_TOML: apps/desktop-solid/src-tauri/Cargo.toml

jobs:
  draft:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.read_version.outputs.value }}
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4

      - name: Read version number
        uses: SebRollen/toml-action@v1.0.2
        id: read_version
        with:
          file: ${{ env.APP_CARGO_TOML }}
          field: "package.version"

      - name: create draft release
        uses: crabnebula-dev/cloud-release@v0
        with:
          command: release draft ${{ env.CN_APPLICATION }} ${{ steps.read_version.outputs.value }} --framework tauri
          api-key: ${{ secrets.CN_API_KEY }}

  build:
    needs: draft
    permissions:
      contents: write
    runs-on: macos-latest
    strategy:
      fail-fast: false
      matrix:
        settings:
          - target: x86_64-apple-darwin
            prebuild: x86_64
          - target: aarch64-apple-darwin
            prebuild: aarch64
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Read version number
        uses: SebRollen/toml-action@v1.0.2
        id: read_version
        with:
          file: ${{ env.APP_CARGO_TOML }}
          field: "package.version"

      - name: create draft release
        uses: crabnebula-dev/cloud-release@v0
        with:
          command: release draft ${{ env.CN_APPLICATION }} ${{ steps.read_version.outputs.value }} --framework tauri
          api-key: ${{ secrets.CN_API_KEY }}

      - name: Create API Key File
        run: echo "${{ secrets.APPLE_API_KEY_FILE }}" > api.p8

      - uses: apple-actions/import-codesign-certs@v2
        with:
          p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }}
          p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}

      - name: Verify certificate
        run: security find-identity -v -p codesigning ${{ runner.temp }}/build.keychain

      - name: Rust setup
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.settings.target }}

      - name: Rust cache
        uses: swatinem/rust-cache@v2
        with:
          shared-key: ${{ matrix.settings.target }}

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 8.10.5

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: pnpm

      - name: Install dependencies
        run: pnpm install

      - name: Create .env file in root
        run: |
          echo "appVersion=${{ steps.read_version.outputs.value }}" >> .env
          echo "CAP_DESKTOP_SENTRY_URL=https://efd3156d9c0a8a49bee3ee675bec80d8@o4506859771527168.ingest.us.sentry.io/4506859844403200" >> .env
          echo "NEXT_PUBLIC_URL=${{ secrets.NEXT_PUBLIC_URL }}" >> .env
          echo 'NEXTAUTH_URL=${NEXT_PUBLIC_URL}' >> .env
          echo 'VITE_SERVER_URL=${NEXT_PUBLIC_URL}' >> .env

      - name: Copy .env to apps/desktop-solid
        run: cp .env apps/desktop-solid/.env

      - name: Output .env file
        run: cat apps/desktop-solid/.env

      - name: Build MacOS Apps
        # Install x86_64-apple-darwin for mac and build Tauri binaries
        # Build both intel and apple silicon
        working-directory: apps/desktop-solid
        run: |
          pnpm install
          node ${{ github.workspace }}/.github/prebuild.js ${{ matrix.settings.prebuild }}
          pnpm tauri build --target ${{ matrix.settings.target }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          # APPLE_ID: ${{ secrets.APPLE_ID }}
          # APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
          # APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          APPLE_API_KEY_PATH: api.p8
          APPLE_KEYCHAIN: ${{ runner.temp }}/build.keychain
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}

      - name: upload assets
        uses: crabnebula-dev/cloud-release@v0
        with:
          command: release upload ${{ env.CN_APPLICATION }} "${{ needs.draft.outputs.version }}" --framework tauri
          api-key: ${{ secrets.CN_API_KEY }}