name: Release

on:
  push:
    tags:
      - "v*.*.*"

jobs:
  release:
    permissions:
      id-token: write  # Required for OIDC
      contents: write  # for softprops/action-gh-release to create GitHub release
    runs-on: ubuntu-latest
    environment: release
    steps:
      - name: Checkout
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install ldid
        run: |
          sudo apt-get update
          sudo apt-get install git build-essential libplist-dev libssl-dev openssl qemu-user-binfmt pkg-config
          cd /tmp
          git clone https://gitlab.com/opensource-saurik/ldid.git
          cd ldid
          git checkout c2f8abf013b22c335f44241a6a552a7767e73419
          git submodule update --init
          gcc -I. -c -o lookup2.o lookup2.c
          g++ -std=c++11 -o ldid lookup2.o ldid.cpp -I. -lcrypto $(pkg-config --cflags --libs libplist-2.0) -lxml2
          sudo mv ldid /usr/local/bin
      - name: Install pnpm
        uses: pnpm/action-setup@6e7bdbda5fe05107efc88b23b7ed00aa05f84ca0
        with:
          standalone: true
      - name: Setup Node
        run: pn runtime -g set node 25.6.1
        timeout-minutes: 2
      - name: pnpm install
        run: pn install
      - name: Publish Packages
        continue-on-error: true
        env:
          # setting the "npm_config_//registry.npmjs.org/:_authToken" env variable directly doesn't work.
          # probably "pnpm release" doesn't pass auth tokens to child processes
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          pn config set "//registry.npmjs.org/:_authToken" "${NPM_TOKEN}"
          pn release
      - name: Copy Artifacts
        run: pn copy-artifacts
      - name: Generate release description
        run: pn make-release-description
      - name: Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          draft: true
          files: dist/*
          body_path: RELEASE.md