name: Release

on:
  release:
    types: [released, prereleased]

permissions:
  id-token: write
  contents: write
  packages: write

jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    steps:
      # --- Checkout Code ---
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # --- Setup Bun ---
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest

      # --- Setup Deno ---
      - name: Setup Deno
        uses: denoland/setup-deno@v2
        with:
          deno-version: v2.x

      # --- Cache Bun Dependencies ---
      - name: Cache Bun Dependencies
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            packages/web/node_modules
          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lockb') }}
          restore-keys: |
            ${{ runner.os }}-bun-

      # --- Cache Deno Dependencies ---
      - name: Cache Deno Dependencies
        uses: actions/cache@v4
        with:
          path: ~/.cache/deno
          key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }}
          restore-keys: |
            ${{ runner.os }}-deno-

      # --- Determine Changed Packages ---
      - name: Get Changed Package Directories
        id: changed_packages
        uses: tj-actions/changed-files@v46
        with:
          dir_names: true
          files: packages/**
          files_ignore: "packages/web/**,packages/transport-deno/npm/**"

      # --- Setup Node for NPM Publishing ---
      - name: Setup Node.js
        if: steps.changed_packages.outputs.all_changed_and_modified_files != ''
        uses: actions/setup-node@v4
        with:
          node-version: 22
          registry-url: "https://registry.npmjs.org"

      - name: Verify NPM Authentication
        if: steps.changed_packages.outputs.all_changed_and_modified_files != ''
        run: npm whoami
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

      # --- Build and Publish Changed Packages ---
      - name: Build and Publish Changed Packages
        if: steps.changed_packages.outputs.all_changed_and_modified_files != ''
        run: |
          set -euo pipefail

          excluded=("packages/web" "packages/transport-deno" "packages/transport-node")

          for pkg_dir in ${{ steps.changed_packages.outputs.all_changed_and_modified_files }}; do
            echo "🔍 Inspecting $pkg_dir"

            if printf '%s\n' "${excluded[@]}" | grep -q "^$pkg_dir$"; then
              echo "⏭️ Skipping excluded package: $pkg_dir"
              continue
            fi

            if [[ -f "$pkg_dir/jsr.json" ]]; then
              echo "🦕 Publishing to NPM: $pkg_dir"
              bun run build:npm $pkg_dir
              echo "📦 Publishing to JSR"
              (cd "$pkg_dir" && deno publish --allow-dirty)
            elif [[ -f "$pkg_dir/bun.lock" ]]; then
              echo "🥖 Building with Bun: $pkg_dir"
              (cd "$pkg_dir" && bun install && bun run build)
            else
              echo "❓ No recognizable build config in $pkg_dir — skipping"
              continue
            fi

            if [[ -d "$pkg_dir/npm" ]]; then
              echo "📤 Publishing to NPM: $pkg_dir"
              npm publish "$pkg_dir/npm" --access public
            fi
          done
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

      - name: No Packages Changed
        if: steps.changed_packages.outputs.all_changed_and_modified_files == ''
        run: echo "✅ No changed packages detected. Skipping publish."

      # --- Web Package Specific Tasks ---
      - name: Check for Web Package Changes
        id: web_changes
        run: |
          if [[ "${{ steps.changed_packages.outputs.all_changed_and_modified_files }}" == *"packages/web"* ]]; then
            echo "web_changed=true" >> $GITHUB_OUTPUT
          else
            echo "web_changed=false" >> $GITHUB_OUTPUT
          fi

      - name: Run Web App Tests
        if: steps.web_changes.outputs.web_changed == 'true'
        working-directory: packages/web
        run: bun run test

      - name: Create Web App Release Archive
        if: steps.web_changes.outputs.web_changed == 'true'
        working-directory: packages/web
        run: bun run package

      - name: Upload Web App Archive
        if: steps.web_changes.outputs.web_changed == 'true'
        uses: actions/upload-artifact@v4
        with:
          name: web-build
          if-no-files-found: error
          path: packages/web/dist/build.tar

      - name: Attach Web Archive to GitHub Release
        if: steps.web_changes.outputs.web_changed == 'true'
        run: gh release upload ${{ github.event.release.tag_name }} packages/web/dist/build.tar
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # --- Build & Push Container Image ---
      - name: Set up QEMU
        if: steps.web_changes.outputs.web_changed == 'true'
        uses: docker/setup-qemu-action@v3

      - name: Build Container Image
        if: steps.web_changes.outputs.web_changed == 'true'
        id: build-container
        uses: redhat-actions/buildah-build@v2
        with:
          containerfiles: |
            ./infra/Containerfile
          image: ghcr.io/${{ github.repository }}
          tags: latest, ${{ github.event.release.tag_name }}
          oci: true
          platforms: linux/amd64, linux/arm64

      - name: Push Container to GHCR
        if: steps.web_changes.outputs.web_changed == 'true'
        id: push-to-registry
        uses: redhat-actions/push-to-registry@v2
        with:
          image: ${{ steps.build-container.outputs.image }}
          tags: ${{ steps.build-container.outputs.tags }}
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Output Image URL
        if: steps.web_changes.outputs.web_changed == 'true'
        run: echo "🖼️ Image pushed to ${{ steps.push-to-registry.outputs.registry-paths }}"