name: Release

on:
  push:
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"

jobs:
  release:
    name: Build and release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable

      - name: Install cross
        run: cargo install cross --git https://github.com/cross-rs/cross

      - name: Build linux-amd64
        run: cross build --release --target x86_64-unknown-linux-musl

      - name: Build linux-arm64
        run: cross build --release --target aarch64-unknown-linux-musl

      - name: Build windows-amd64
        run: cross build --release --target x86_64-pc-windows-gnu

      - name: Collect release artifacts
        run: |
          mkdir -p release
          cp target/x86_64-unknown-linux-musl/release/encrypted_archive release/encrypted_archive-linux-amd64
          cp target/aarch64-unknown-linux-musl/release/encrypted_archive release/encrypted_archive-linux-arm64
          cp target/x86_64-pc-windows-gnu/release/encrypted_archive.exe release/encrypted_archive-windows-amd64.exe
          cp kotlin/ArchiveDecoder.kt release/
          cp shell/decode.sh release/
          cd release && sha256sum * > SHA256SUMS

      - name: Create release via API
        env:
          TAG: ${{ gitea.ref_name }}
          TOKEN: ${{ secrets.GITEA_TOKEN }}
          API_URL: ${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}
        run: |
          BODY=$(cat <<'NOTES'
          ## encrypted_archive ${TAG}

          ### Artifacts

          | File | Description |
          |------|-------------|
          | `encrypted_archive-linux-amd64` | Linux x86_64 (static musl) |
          | `encrypted_archive-linux-arm64` | Linux aarch64 (static musl) |
          | `encrypted_archive-windows-amd64.exe` | Windows x86_64 |
          | `ArchiveDecoder.kt` | Kotlin/Android decoder (source) |
          | `decode.sh` | POSIX shell decoder (requires OpenSSL) |
          | `SHA256SUMS` | Checksums for all files |
          NOTES
          )

          # Create release
          RELEASE_ID=$(curl -s -X POST "${API_URL}/releases" \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{
              \"tag_name\": \"${TAG}\",
              \"name\": \"${TAG}\",
              \"body\": $(echo "$BODY" | jq -Rs .),
              \"draft\": false,
              \"prerelease\": false
            }" | jq -r '.id')

          echo "Created release ID: ${RELEASE_ID}"

          # Upload each artifact
          for file in release/*; do
            filename=$(basename "$file")
            echo "Uploading ${filename}..."
            curl -s -X POST "${API_URL}/releases/${RELEASE_ID}/assets?name=${filename}" \
              -H "Authorization: token ${TOKEN}" \
              -F "attachment=@${file}"
          done

          echo "Release ${TAG} published with $(ls release/ | wc -l) assets"