---
name: Release
run-name: Release ${{ inputs.release_type }}

on:
  workflow_dispatch:
    inputs:
      release_type:
        description: 'Release Options'
        required: true
        default: 'Initial Release'
        type: choice
        options:
          - Initial Release
          - Redeploy
          - Dry Run
      fdroid_publish:
        description: 'Publish to f-droid store'
        required: true
        default: true
        type: boolean

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-20.04
    outputs:
      branch-name: ${{ steps.branch.outputs.branch-name }}
    steps:
      - name: Branch check
        if: github.event.inputs.release_type != 'Dry Run'
        run: |
          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
            echo "==================================="
            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
            echo "==================================="
            exit 1
          fi

      - name: Checkout repo
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Check Release Version
        id: version
        uses: bitwarden/gh-actions/release-version-check@8f055ef543c7433c967a1b9b04a0f230923233bb
        with:
          release-type: ${{ github.event.inputs.release_type }}
          project-type: xamarin
          file: src/Android/Properties/AndroidManifest.xml

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
          echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT

      - name: Create GitHub deployment
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48
        id: deployment
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          initial-status: 'in_progress'
          environment: 'production'
          description: 'Deployment ${{ steps.version.outputs.version }} from branch ${{ steps.branch.outputs.branch-name }}'
          task: release


      - name: Download all artifacts
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ steps.branch.outputs.branch-name }}

      - name: Dry Run - Download all artifacts
        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: master

      - name: Prep Bitwarden iOS release asset
        run: zip -r Bitwarden\ iOS.zip Bitwarden\ iOS

      - name: Create release
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01  # v1.9.0
        with:
          artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
                      ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk,
                      ./com.x8bit.bitwarden-fdroid.apk/com.x8bit.bitwarden-fdroid.apk,
                      ./Bitwarden iOS.zip,
                      ./bw-android-apk-sha256.txt/bw-android-apk-sha256.txt,
                      ./bw-fdroid-apk-sha256.txt/bw-fdroid-apk-sha256.txt"
          commit: ${{ github.sha }}
          tag: v${{ steps.version.outputs.version }}
          name: Version ${{ steps.version.outputs.version }}
          body: "<insert release notes here>"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true

      - name: Update deployment status to Success
        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          state: 'success'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Update deployment status to Failure
        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          state: 'failure'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}


  f-droid:
    name: F-Droid Release
    runs-on: ubuntu-20.04
    needs: release
    if: inputs.fdroid_publish
    steps:
      - name: Checkout repo
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Download F-Droid .apk artifact
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.release.outputs.branch-name }}
          name: com.x8bit.bitwarden-fdroid.apk

      - name: Dry Run - Download F-Droid .apk artifact
        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: master
          name: com.x8bit.bitwarden-fdroid.apk

      - name: Set up Node
        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561  # v2.5.1
        with:
          node-version: '10.x'

      - name: Set up F-Droid server
        run: |
          sudo apt-get -qq update
          sudo apt-get -qqy install --no-install-recommends fdroidserver wget

      - name: Set up Git credentials
        env:
          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
        run: |
          git config --global credential.helper store
          echo "https://${ACCESS_TOKEN}:x-oauth-basic@github.com" >> ~/.git-credentials
          git config --global user.email "ci@bitwarden.com"
          git config --global user.name "Bitwarden CI"

      - name: Print environment
        run: |
          node --version
          npm --version
          git --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

      - name: Install Node dependencies
        run: npm install

      - name: Decrypt secrets
        env:
          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
        run: |
          mkdir -p ~/secrets
          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
            --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg

      - name: Compile for F-Droid Store
        env:
          FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
        run: |
          cd $GITHUB_WORKSPACE
          mkdir dist
          cp CNAME ./dist
          cd store
          chmod 600 fdroid/config.py fdroid/keystore.jks
          mkdir -p temp/fdroid
          TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid"
          cd fdroid
          echo "keypass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
          echo "keystorepass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
          echo "local_copy_dir=\"$TEMP_DIR\"" >>config.py
          mkdir -p repo
          mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk ./repo/
          fdroid update
          fdroid server update
          cd ..
          rm -rf temp/fdroid/archive
          mv -v temp/fdroid ../dist
          cd fdroid
          cp index.html btn.png qr.png ../../dist/fdroid
          cd $GITHUB_WORKSPACE

      - name: Deploy to gh-pages
        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        run: npm run deploy