name: Package and release

on: [workflow_call]

permissions: {}

jobs:
  package-macos:
    runs-on: macos-11
    strategy:
      matrix:
        setup:
        - macos-deployment-version: 11
          python-version: 3.12.1-macos11
          python-sha256sum: 6178e42679eb83196240fc58b1438f481c32c2b0557f28ccf43aa7b1b80b7c4a
    env:
      DISCID_VERSION: 0.6.4
      DISCID_SHA256SUM: 829133dd38acbdaa2b989de59e256c8d139ac34cb4dd4b8fd3c9d55a97c824f3
      FPCALC_VERSION: 1.5.1
      FPCALC_SHA256SUM: d4d8faff4b5f7c558d9be053da47804f9501eaa6c2f87906a9f040f38d61c860
      PYTHON_VERSION: ${{ matrix.setup.python-version }}
      PYTHON_SHA256SUM: ${{ matrix.setup.python-sha256sum }}
      MACOSX_DEPLOYMENT_TARGET: ${{ matrix.setup.macos-deployment-version }}
      CODESIGN: 0
    steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 0  # Fetch entire history, needed for setting the build number
    - run: git fetch --depth=1 origin +refs/tags/release-*:refs/tags/release-*
    - name: Setup macOS build environment
      run: |
        ./scripts/package/macos-setup.sh
        PYTHON_BASE_VERSION=$(echo $PYTHON_VERSION | sed -e "s/\.[0-9]\{1,\}$//")
        echo "/Library/Frameworks/Python.framework/Versions/$PYTHON_BASE_VERSION/bin" >> $GITHUB_PATH
        echo "/usr/local/opt/gettext/bin" >> $GITHUB_PATH
        RELEASE_TAG=$(git describe --match "release-*" --abbrev=0 --always HEAD)
        BUILD_NUMBER=$(git rev-list --count $RELEASE_TAG..HEAD)
        echo "BUILD_NUMBER=$BUILD_NUMBER" >> $GITHUB_ENV
        mkdir artifacts
        python3 -m pip install --upgrade pip setuptools wheel
    - name: Patch build version
      if: startsWith(github.ref, 'refs/tags/') != true
      run: |
        python3 setup.py patch_version --platform=$BUILD_NUMBER.$(git rev-parse --short HEAD)
    - name: Install dependencies
      run: |
        pip3 install -r requirements-build.txt
        pip3 install -r requirements-macos-${MACOSX_DEPLOYMENT_TARGET}.txt
      env:
        PYINSTALLER_COMPILE_BOOTLOADER: "1"
    - name: Run tests
      timeout-minutes: 30
      run: |
        python3 setup.py test
    - name: Prepare code signing certificate
      run: |
        if [ -n "$CODESIGN_MACOS_P12_URL" ] && [ -n "$AWS_ACCESS_KEY_ID" ]; then
          pip3 install awscli
          aws s3 cp "$CODESIGN_MACOS_P12_URL" ./scripts/package/appledev.p12
        else
          echo "::warning::No code signing certificate available, skipping code signing."
        fi
      env:
        AWS_DEFAULT_REGION: eu-central-1
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        CODESIGN_MACOS_P12_URL: ${{ secrets.CODESIGN_MACOS_P12_URL }}
    - name: Build macOS app
      run: |
        ./scripts/package/macos-package-app.sh
        rm -f ./scripts/package/appledev.p12
        mv dist/*.dmg artifacts/
      env:
        APPLE_ID_USER: ${{ secrets.APPLE_ID_USER }}
        APPLE_ID_TEAM: ${{ secrets.APPLE_ID_TEAM }}
        APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
        CODESIGN_MACOS_P12_PASSWORD: ${{ secrets.CODESIGN_MACOS_P12_PASSWORD }}
    - name: Archive production artifacts
      uses: actions/upload-artifact@v4
      with:
        name: macos-app-${{ matrix.setup.macos-deployment-version }}
        path: artifacts/