---
name: Version Bump
run-name: Version Bump - v${{ inputs.version_number }}

on:
  workflow_dispatch:
    inputs:
      version_number:
        description: "New version (example: '2024.1.0')"
        required: true
      cut_rc_branch:
        description: "Cut RC branch?"
        default: true
        type: boolean

jobs:
  bump_version:
    name: "Bump Version to v${{ inputs.version_number }}"
    runs-on: ubuntu-22.04
    steps:
      - name: Login to Azure - CI Subscription
        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
        with:
         creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "github-gpg-private-key,
            github-gpg-private-key-passphrase,
            github-pat-bitwarden-devops-bot-repo-scope"

      - name: Checkout Branch
        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
        with:
          ref: main
          repository: bitwarden/mobile

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@d6f3f49f3345e29369fe57596a3ca8f94c4d2ca7 # v5.4.0
        with:
          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - name: Create Version Branch
        id: create-branch
        run: |
          NAME=version_bump_${{ github.ref_name }}_${{ inputs.version_number }}
          git switch -c $NAME
          echo "name=$NAME" >> $GITHUB_OUTPUT

      - name: Install xmllint
        run: sudo apt install -y libxml2-utils

      - name: Verify input version
        env:
          NEW_VERSION: ${{ inputs.version_number }}
        run: |
          CURRENT_VERSION=$(xmllint --xpath '
            string(/manifest/@*[local-name()="versionName" 
              and namespace-uri()="http://schemas.android.com/apk/res/android"])
            ' src/Android/Properties/AndroidManifest.xml)

          # Error if version has not changed.
          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
            echo "Version has not changed."
            exit 1
          fi

          # Check if version is newer.
          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
          if [ $? -eq 0 ]; then
            echo "Version check successful."
          else
            echo "Version check failed."
            exit 1
          fi

      - name: Bump Version - Android XML
        uses: bitwarden/gh-actions/version-bump@main
        with:
          version: ${{ inputs.version_number }}
          file_path: "src/Android/Properties/AndroidManifest.xml"

      - name: Bump Version - iOS.Autofill
        uses: bitwarden/gh-actions/version-bump@main
        with:
          version: ${{ inputs.version_number }}
          file_path: "src/iOS.Autofill/Info.plist"

      - name: Bump Version - iOS.Extension
        uses: bitwarden/gh-actions/version-bump@main
        with:
          version: ${{ inputs.version_number }}
          file_path: "src/iOS.Extension/Info.plist"

      - name: Bump Version - iOS.ShareExtension
        uses: bitwarden/gh-actions/version-bump@main
        with:
          version: ${{ inputs.version_number }}
          file_path: "src/iOS.ShareExtension/Info.plist"

      - name: Bump Version - iOS
        uses: bitwarden/gh-actions/version-bump@main
        with:
          version: ${{ inputs.version_number }}
          file_path: "src/iOS/Info.plist"

      - name: Setup git
        run: |
          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
          git config --local user.name "bitwarden-devops-bot"

      - name: Check if version changed
        id: version-changed
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
          else
            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
            echo "No changes to commit!";
          fi

      - name: Commit files
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
        run: git commit -m "Bumped version to ${{ inputs.version_number }}" -a

      - name: Push changes
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
        env:
          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
        run: git push -u origin $PR_BRANCH

      - name: Create Version PR
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
        id: create-pr
        env:
          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
          TITLE: "Bump version to ${{ inputs.version_number }}"
        run: |
          PR_URL=$(gh pr create --title "$TITLE" \
            --base "main" \
            --head "$PR_BRANCH" \
            --label "version update" \
            --label "automated pr" \
            --body "
              ## Type of change
              - [ ] Bug fix
              - [ ] New feature development
              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
              - [ ] Build/deploy pipeline (DevOps)
              - [X] Other

              ## Objective
              Automated version bump to ${{ inputs.version_number }}")
          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT

      - name: Approve PR
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
        run: gh pr review $PR_NUMBER --approve

      - name: Merge PR
        env:
          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch

  cut_rc:
    name: Cut RC branch
    needs: bump_version
    if: ${{ inputs.cut_rc_branch == true }}
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Branch
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          ref: main

      - name: Check if RC branch exists
        run: |
          remote_rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
          if [[ "${remote_rc_branch_check}" -gt 0 ]]; then
            echo "Remote RC branch exists."
            echo "Please delete current RC branch before running again."
            exit 1
          fi

      - name: Cut RC branch
        run: |
          git switch --quiet --create rc
          git push --quiet --set-upstream origin rc