name: insider-macos

on:
  workflow_dispatch:
    inputs:
      release_version:
        type: string
        description: Forced release version
      new_release:
        type: boolean
        description: Force new Release
      test_asset_builder:
        type: boolean
        description: Test the assets builder
  schedule:
    - cron: '0 8 * * *'
  push:
    branches: [ insider ]
    paths-ignore:
    - '**/*.md'
  pull_request:
    branches: [ insider ]
    paths-ignore:
    - '**/*.md'

env:
  APP_NAME: VSCodium
  ASSETS_REPOSITORY: ${{ github.repository }}-insiders
  GITHUB_BRANCH: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || 'insider' }}
  OS_NAME: osx
  VERSIONS_REPOSITORY: ${{ github.repository_owner }}/versions
  VSCODE_QUALITY: insider

jobs:
  build:
    runs-on: ${{ matrix.runner }}
    env:
      VSCODE_ARCH: ${{ matrix.vscode_arch }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - runner: macos-12
            vscode_arch: x64
          - runner: [self-hosted, macOS, ARM64]
            vscode_arch: arm64

    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: Setup Node.js environment
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Clone VSCode repo
        env:
          RELEASE_VERSION: ${{ github.event.inputs.release_version }}
        run: . get_repo.sh

      - name: Check PR or cron
        env:
          TEST_ASSET_BUILDER: ${{ github.event.inputs.test_asset_builder }}
        run: . check_cron_or_pr.sh

      - name: Check existing VSCodium tags/releases
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NEW_RELEASE: ${{ github.event.inputs.new_release }}
        run: . check_tags.sh
        if: env.SHOULD_DEPLOY == 'yes'

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./build.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Prepare assets
        env:
          CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
          CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}
          CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }}
        run: ./prepare_assets.sh
        if: env.SHOULD_BUILD == 'yes' && (env.SHOULD_DEPLOY == 'yes' || github.event.inputs.test_asset_builder == 'true')

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}
        run: ./release.sh
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: Update versions repo
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}
        run: ./update_version.sh
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: Clean up keychain
        if: always()
        run: |
          KEYCHAIN=$RUNNER_TEMP/build.keychain

          if [ -f "$KEYCHAIN" ];
          then
            security delete-keychain $KEYCHAIN
          fi