name: Build and Release Sanctum

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  pull_request:

permissions:
  contents: write

jobs:
  build:
    name: Build App
    runs-on: docker

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Checkout assets
        run: git -c submodule."assets".update=checkout submodule update --init assets

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install pnpm
        run: npm install -g pnpm@10.18.1

      - name: Install System Dependencies
        run: |
          apt-get update
          apt-get install -y zip jq curl

      - name: Install Project Dependencies
        run: pnpm install

      - name: Build Linux & Windows
        # We run both; if one fails, the whole job stops before reaching release logic
        run: |
          pnpm exec electron-forge make --platform linux --arch x64 --targets @electron-forge/maker-zip
          pnpm exec electron-forge make --platform win32 --arch x64 --targets @electron-forge/maker-zip

      - name: Create or Update Release
        if: startsWith(github.ref, 'refs/tags/v')
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG: ${{ github.ref_name }}
          BASE_URL: "https://git.mithraic.cloud/api/v1/repos/${{ github.repository }}"
        run: |
          echo "Processing release for $TAG..."

          # 1. Try to get existing release ID
          RELEASE_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$BASE_URL/releases/tags/$TAG" | jq -r '.id // empty')

          # 2. Create release if it doesn't exist
          if [ -z "$RELEASE_ID" ]; then
            echo "Creating new release..."
            RELEASE_ID=$(curl -s -X POST "$BASE_URL/releases" \
              -H "Authorization: token $GITEA_TOKEN" \
              -H "Content-Type: application/json" \
              -d "{\"tag_name\":\"$TAG\",\"name\":\"Sanctum $TAG\",\"draft\":false,\"prerelease\":false}" | jq -r '.id')
          fi

          if [ "$RELEASE_ID" == "null" ] || [ -z "$RELEASE_ID" ]; then
            echo "::error::Could not determine Release ID"
            exit 1
          fi

          echo "Release ID: $RELEASE_ID"

          # 3. Upload loop with conflict handling
          find out/make -type f -name "*.zip" | while read FILE; do
            NAME=$(basename "$FILE")
            echo "Targeting asset: $NAME"

            # Check for existing asset with same name
            EXISTING_ASSET_ID=$(curl -s -H "Authorization: token $GITEA_TOKEN" "$BASE_URL/releases/$RELEASE_ID/assets" | \
              jq -r ".[] | select(.name==\"$NAME\") | .id // empty")

            if [ ! -z "$EXISTING_ASSET_ID" ]; then
              echo "Asset already exists (ID: $EXISTING_ASSET_ID). Deleting to avoid conflict..."
              curl -s -X DELETE -H "Authorization: token $GITEA_TOKEN" "$BASE_URL/releases/$RELEASE_ID/assets/$EXISTING_ASSET_ID"
            fi

            echo "Uploading $NAME..."
            HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
              "$BASE_URL/releases/$RELEASE_ID/assets?name=$NAME" \
              -H "Authorization: token $GITEA_TOKEN" \
              -F "attachment=@$FILE")

            if [ "$HTTP_CODE" -eq 201 ] || [ "$HTTP_CODE" -eq 200 ]; then
              echo "✅ Successfully uploaded $NAME"
            else
              echo "❌ Failed to upload $NAME (HTTP $HTTP_CODE)"
              exit 1
            fi
          done