name: Release

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - dev

jobs:
  release:
    name: Release
    permissions:
      contents: write
      id-token: write
      attestations: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Cache Gradle
        uses: burrunan/gradle-cache-action@v1

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./gradlew assembleRelease

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          fingerprint: ${{ vars.GPG_FINGERPRINT }}

      - name: Setup keystore
        run: |
          echo "${{ secrets.KEYSTORE }}" | base64 --decode > "app/keystore.jks"

      - name: Semantic Release
        uses: cycjimmy/semantic-release-action@v4
        id: semantic
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
          KEYSTORE_ENTRY_ALIAS: ${{ secrets.KEYSTORE_ENTRY_ALIAS }}
          KEYSTORE_ENTRY_PASSWORD: ${{ secrets.KEYSTORE_ENTRY_PASSWORD }}

      - name: Attest
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: 'ReVanced Manager ${{ steps.release.outputs.new_release_git_tag }}'
          subject-path: app/build/outputs/apk/release/revanced-manager*.apk