name: Release

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - dev

jobs:
  release:
    name: Release
    permissions:
      contents: write
      id-token: write
      attestations: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: "temurin"
          java-version: "17"

      - name: Cache Gradle
        uses: burrunan/gradle-cache-action@v3

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./gradlew assembleRelease --no-daemon

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
          cache: 'npm'

      - name: Install dependencies
        run: npm install

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          fingerprint: ${{ vars.GPG_FINGERPRINT }}

      - name: Setup keystore
        run: |
          echo "${{ secrets.KEYSTORE }}" | base64 --decode > "keystore.jks"}

      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@v4
        id: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
          KEYSTORE_ENTRY_ALIAS: ${{ secrets.KEYSTORE_ENTRY_ALIAS }}
          KEYSTORE_ENTRY_PASSWORD: ${{ secrets.KEYSTORE_ENTRY_PASSWORD }}

      - name: Attest
        if: steps.release.outputs.new_release_published == 'true'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: 'ReVanced Downloader ${{ steps.release.outputs.new_release_git_tag }}'
          subject-path: downloaders/*/build/outputs/apk/release/*.apk