.github/workflows/apx-gcs-release.yml

name: APX GCS CI

on:
  push:
    tags:
      - "release-*"
      - "test-*"

env:
  BUILD_DIR: build-release

jobs:
  build-linux:
    name: Build Linux
    runs-on: ubuntu-latest
    # if: "false"

    container:
      image: uavos/apx-gcs-linux:latest
      options: --privileged

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-tags: true
          fetch-depth: 0
      - run: git config --global --add safe.directory `pwd`

      # - name: Setup vscode tunnel # https://code.visualstudio.com/docs/remote/tunnels
      #   run: |
      #     curl -Lk 'https://code.visualstudio.com/sha/download?build=stable&os=cli-alpine-x64' --output vscode_cli.tar.gz
      #     tar -xf vscode_cli.tar.gz
      #     ./code tunnel --accept-server-license-terms

      - name: Build package
        run: make release-package

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          path: |
            ${{ env.BUILD_DIR }}/deploy/*.AppImage
          name: apx-gcs-linux
          if-no-files-found: error
          retention-days: 1

  build-macos:
    name: Build MacOS
    runs-on: macos-latest
    env:
      VERSION_QT: 6.8.1
      VERSION_SDL: 2.30.8
      VERSION_GST: 1.22.5

      # we replace system python with brew python
      PYTHONPATH: /Library/Frameworks/Python.framework/Versions/3.12/lib/python3.12/site-packages

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-tags: true
          fetch-depth: 0
      - run: git config --global --add safe.directory `pwd`

      # - name: Setup tmate session
      #   uses: mxschmitt/action-tmate@v3

      - name: Install Tools (python)
        run: |
          pip3 install networkx simplejson jinja2 pyyaml dmgbuild aqtinstall --break-system-packages

      - name: Install Qt
        working-directory: /tmp
        run: |
          aqt install-qt mac desktop $VERSION_QT -m \
            qtshadertools qt5compat qtcharts qtmultimedia \
            qtspeech qtlocation qtpositioning qtserialport
          echo "/tmp/$VERSION_QT/macos/bin" >> $GITHUB_PATH

      - name: Install SDL
        working-directory: /tmp
        run: |
          curl -L https://github.com/libsdl-org/SDL/releases/download/release-$VERSION_SDL/SDL2-$VERSION_SDL.dmg --output sdl.dmg
          hdiutil attach -noverify sdl.dmg
          sudo cp -a /Volumes/SDL2/SDL2.framework /Library/Frameworks/
          hdiutil detach /Volumes/SDL2
          rm -f sdl.dmg

      - name: Install GST
        working-directory: /tmp
        run: |
          curl -L https://gstreamer.freedesktop.org/data/pkg/osx/$VERSION_GST/gstreamer-1.0-$VERSION_GST-universal.pkg --output gst.pkg
          curl -L https://gstreamer.freedesktop.org/data/pkg/osx/$VERSION_GST/gstreamer-1.0-devel-$VERSION_GST-universal.pkg --output gst-devel.pkg
          sudo installer -package gst.pkg -target /
          sudo installer -package gst-devel.pkg -target /
          rm -f gst*.pkg

      # - name: Setup tmate session
      #   uses: mxschmitt/action-tmate@v3

      - name: Install KEYS
        env:
          KEYCHAIN: default.keychain
          KEYCHAIN_PASSWORD: uavos
          # base64 -i build_certificate.p12 | pbcopy
          SIGNING_CERTIFICATE_P12_DATA: ${{ secrets.SIGNING_CERTIFICATE_P12_DATA }}
          SIGNING_CERTIFICATE_PASSWORD: ${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}
          CODE_IDENTITY: ${{ secrets.CODE_IDENTITY }}
        run: |
          security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
          security default-keychain -s $KEYCHAIN
          security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
          security set-keychain-settings $KEYCHAIN
          security list-keychains -s $KEYCHAIN
          security import <(echo $SIGNING_CERTIFICATE_P12_DATA | base64 --decode) -f pkcs12 -k $KEYCHAIN -P $SIGNING_CERTIFICATE_PASSWORD -T /usr/bin/codesign
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN
          security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN
          security -v find-identity -s $CODE_IDENTITY

      - name: Build package
        env:
          CODE_IDENTITY: ${{ secrets.CODE_IDENTITY }}
          QT_PATH: /tmp/$VERSION_QT/macos
          LD_LIBRARY_PATH: $QT_PATH/lib
          PKG_CONFIG_PATH: $QT_PATH/lib/pkgconfig
          CMAKE_PREFIX_PATH: $QT_PATH/lib/cmake

        run: |
          make release-package

      - name: Notarize package
        env:
          NOTARIZATION_API_KEY_ID: ${{ secrets.NOTARIZATION_API_KEY_ID }}
          NOTARIZATION_API_KEY: ${{ secrets.NOTARIZATION_API_KEY }}
          NOTARIZATION_API_ISSUER: ${{ secrets.NOTARIZATION_API_ISSUER }}
        run: |
          echo $NOTARIZATION_API_KEY | base64 --decode > notarization_api_key
          xcrun notarytool submit ${{ env.BUILD_DIR }}/deploy/*.dmg --key notarization_api_key --key-id $NOTARIZATION_API_KEY_ID --issuer $NOTARIZATION_API_ISSUER --wait
          xcrun stapler staple ${{ env.BUILD_DIR }}/deploy/*.dmg

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          path: |
            ${{ env.BUILD_DIR }}/deploy/*.dmg
          name: apx-gcs-macos
          if-no-files-found: error
          retention-days: 1

  publish:
    name: Publish Release
    needs: [build-linux, build-macos]
    runs-on: ubuntu-latest
    if: ${{ !startsWith(github.event.ref, 'refs/tags/test-') }}
    # if: "false"
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          path: package
      - name: Collecting files
        id: package
        working-directory: package
        run: |
          find . -mindepth 2 -type f -exec mv -f '{}' . ';'
          ls -la *.*
          VERSION=${{ github.ref }}
          VERSION=$(echo ${VERSION##*/} | sed 's/^release-//')
          echo "Version: $VERSION"
          echo "::set-output name=path::$(pwd)"
          echo "::set-output name=version::$VERSION"

      - name: Generate release text
        run: |
          cp -f docs/releases/release-${{ steps.package.outputs.version }}.md changes.md
          sed -i 's/^#/###/g' changes.md

      - name: Create Release draft
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.CI_PAT }}
        with:
          tag_name: release-${{ steps.package.outputs.version }}
          release_name: APX Ground Control ${{ steps.package.outputs.version }}
          body_path: changes.md
          draft: true
          prerelease: true

      - name: Publish release
        uses: actions/github-script@v7
        with:
          github-token: ${{secrets.CI_PAT}}
          script: |
            const fs = require('fs').promises;

            const { repo: { owner, repo }, sha } = context;

            for (let file of await fs.readdir('package', {withFileTypes:true})) {
              if (!file.isFile())
                continue;
              if (file.name.endsWith('.xml'))
                continue;
              console.log('uploading', file.name);
              await github.rest.repos.uploadReleaseAsset({
                owner, repo,
                release_id: "${{ steps.create_release.outputs.id }}",
                name: file.name,
                data: await fs.readFile(`package/${file.name}`)
              });            
            }

            github.rest.repos.updateRelease({
              owner, repo,
              release_id: "${{ steps.create_release.outputs.id }}",
              draft: false
            });