---
name: Release

on:
  workflow_dispatch:
    inputs:
      release_type:
        description: 'Release Options'
        required: true
        default: 'Initial Release'
        type: choice
        options:
          - Initial Release
          - Redeploy
          - Dry Run

jobs:
  release:
    name: Create Release
    runs-on: ubuntu-20.04
    outputs:
      branch-name: ${{ steps.branch.outputs.branch-name }}
    steps:
      - name: Branch check
        if: github.event.inputs.release_type != 'Dry Run'
        run: |
          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
            echo "==================================="
            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
            echo "==================================="
            exit 1
          fi

      - name: Checkout repo
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Retrieve Mobile release version
        id: retrieve-mobile-version
        run: |
          ver=$(sed -E -n '/^<manifest/s/^.*[ ]android:versionName="([^"]+)".*$/\1/p' \
          ./src/Android/Properties/AndroidManifest.xml | tr -d '"')
          echo "::set-output name=mobile_version::${ver}"
        shell: bash

      - name: Check to make sure Mobile release version has been bumped
        if: ${{ github.event.inputs.release_type == 'Initial Release' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          latest_ver=$(hub release -L 1 -f '%T')
          latest_ver=${latest_ver:1}
          echo "Latest version: $latest_ver"
          ver=${{ steps.retrieve-mobile-version.outputs.mobile_version }}
          echo "Version: $ver"
          if [ "$latest_ver" = "$ver" ]; then
            echo "Version has not been bumped!"
            exit 1
          fi
        shell: bash

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
          echo "::set-output name=branch-name::$BRANCH_NAME"

      - name: Download all artifacts
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ steps.branch.outputs.branch-name }}

      - name: Prep Bitwarden iOS release asset
        run: zip -r Bitwarden\ iOS.zip Bitwarden\ iOS

      - name: Create release
        if: github.event.inputs.release_type != 'Dry Run'
        uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01  # v1.9.0
        with:
          artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
                      ./com.x8bit.bitwarden.apk/com.x8bit.bitwarden.apk,
                      ./com.x8bit.bitwarden-fdroid.apk/com.x8bit.bitwarden-fdroid.apk,
                      ./Bitwarden iOS.zip"
          commit: ${{ github.sha }}
          tag: v${{ steps.retrieve-mobile-version.outputs.mobile_version }}
          name: Version ${{ steps.retrieve-mobile-version.outputs.mobile_version }}
          body: "<insert release notes here>"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true


  f-droid:
    name: F-Droid Release
    runs-on: ubuntu-20.04
    needs: release
    steps:
      - name: Checkout repo
        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Download F-Droid .apk artifact
        uses: dawidd6/action-download-artifact@575b1e4167df67acf7e692af784566618b23c71e  # v2.17.10
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.release.outputs.branch-name }}
          name: com.x8bit.bitwarden-fdroid.apk

      - name: Set up Node
        uses: actions/setup-node@1f8c6b94b26d0feae1e387ca63ccbdc44d27b561  # v2.5.1
        with:
          node-version: '10.x'

      - name: Set up F-Droid server
        run: |
          sudo apt-get -qq update
          sudo apt-get -qqy install --no-install-recommends fdroidserver wget

      - name: Set up Git credentials
        env:
          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
        run: |
          git config --global credential.helper store
          echo "https://${ACCESS_TOKEN}:x-oauth-basic@github.com" >> ~/.git-credentials
          git config --global user.email "ci@bitwarden.com"
          git config --global user.name "Bitwarden CI"

      - name: Print environment
        run: |
          node --version
          npm --version
          git --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

      - name: Install Node dependencies
        run: npm install

      - name: Decrypt secrets
        env:
          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
        run: |
          mkdir -p ~/secrets
          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
            --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg

      - name: Compile for F-Droid Store
        env:
          FDROID_STORE_KEYSTORE_PASSWORD: ${{ secrets.FDROID_STORE_KEYSTORE_PASSWORD }}
        run: |
          cd $GITHUB_WORKSPACE
          mkdir dist
          cp CNAME ./dist
          cd store
          chmod 600 fdroid/config.py fdroid/keystore.jks
          mkdir -p temp/fdroid
          TEMP_DIR="$GITHUB_WORKSPACE/store/temp/fdroid"
          cd fdroid
          echo "keypass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
          echo "keystorepass=\"$FDROID_STORE_KEYSTORE_PASSWORD\"" >>config.py
          echo "local_copy_dir=\"$TEMP_DIR\"" >>config.py
          mkdir -p repo
          mv $GITHUB_WORKSPACE/com.x8bit.bitwarden-fdroid.apk ./repo/
          fdroid update
          fdroid server update
          cd ..
          rm -rf temp/fdroid/archive
          mv -v temp/fdroid ../dist
          cd fdroid
          cp index.html btn.png qr.png ../../dist/fdroid
          cd $GITHUB_WORKSPACE

      - name: Deploy to gh-pages
        if: github.event.inputs.release_type != 'Dry Run'
        run: npm run deploy