.github/workflows/release.yml

name: Publish

on:
  push:
    tags:
      - v*
     
# Apply env to all jobs   
env:
  GRADLE_OPTS: "-Dorg.gradle.daemon=false"
  SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  PUBLISH_BUCKET: ${{ secrets.PUBLISH_BUCKET }}
  
jobs:
  build-jars:
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('subprocess/settings.gradle', 'subprocess/gradle/wrapper/gradle-wrapper.properties', 'subprocess/build.gradle', 'subprocess/gradle.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: 21
      - name: Build subprocess
        env:
          GITHUB_BRANCH: "release" # TODO: Resolve this properly for alpha and beta releases
        run: |
          cd subprocess
          ./gradlew clean build -si
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: subprocess-jar-${{ matrix.os }}
          path: |
            subprocess/build/libs/
  
  # Publish
  build-releases:
    name: Prepare releases
    strategy: 
      matrix:
        include:
          - os: ubuntu-latest
            platform: linux
            arch: "--x64 --arm64"
            target: "-l"
          - os: windows-latest
            platform: windows
            arch: "--x64"
            target: "-w"
          - os: macos-latest
            platform: macos
            arch: "--x64 --arm64"
            target: "-m"
    runs-on: ${{ matrix.os }}
    needs: build-jars
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download jar
        uses: actions/download-artifact@v4
        with:
          name: subprocess-jar-${{ matrix.os }}
          path: subprocess/build/libs/
      - name: Ensure jar exists
        if: ${{ matrix.os == 'macos-latest' || matrix.os == 'linux-latest' }}
        run: |
          stat subprocess/build/libs/*.jar || exit 1
      - name: Ensure jar exists
        if: ${{ matrix.os == 'windows-latest' }}
        run: |
          dir subprocess/build/libs/*.jar || exit 1
      - name: Write apple id
        if: ${{ matrix.os == 'macos-latest' }}
        env:
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
        run: |
          echo "$APPLE_API_KEY" > apple_api_key.p8
          find apple_api_key.p8 -size +0c || exit 1
      - name: Download AzureSignTool from nuget
        if: ${{ matrix.os == 'windows-latest' }}
        run: |
          dotnet tool install --global AzureSignTool --version 5.0.0   
      - name: Build frontend
        env:
          VUE_APP_PLATFORM: "electron"
          APP_TARGET_PLATFORM: ${{ matrix.platform }}
          SLACK_ENDPOINT: ${{ secrets.SLACK_ENDPOINT }}
          VUE_APP_TARGET_PLATFORM: ${{ matrix.platform }}
          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
          CSC_LINK: ${{ secrets.CSC_LINK }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
          APPLE_API_KEY: "./apple_api_key.p8"
          APPLE_API_KEY_ID: ${{ secrets.APPLE_API_KEY_ID }}
          AZURE_KEY_VAULT_URL: ${{ secrets.AZURE_KEY_VAULT_URL }}
          AZURE_KEY_VAULT_CLIENT_ID: ${{ secrets.AZURE_KEY_VAULT_CLIENT_ID }}
          AZURE_KEY_VAULT_CLIENT_SECRET: ${{ secrets.AZURE_KEY_VAULT_CLIENT_SECRET }}
          AZURE_KEY_VAULT_CERTIFICATE_NAME: ${{ secrets.AZURE_KEY_VAULT_CERTIFICATE_NAME }}
          AZURE_KEY_VAULT_TENANT_ID: ${{ secrets.AZURE_KEY_VAULT_TENANT_ID }}
        run: |
          npm install --global pnpm@9.15.0 || true
          pnpm config set store-dir .pnpm-store
          pnpm install --no-frozen-lockfile
          pnpm gen:license
          pnpm build --publish always ${{ matrix.target }} ${{ matrix.arch }}
      - name: Upload Mac artifacts
        if: ${{ matrix.os == 'macos-latest' }}
        uses: actions/upload-artifact@v4
        with:
          name: release-${{ matrix.os }}
          path: |
            release/ftb-app-*.dmg
            release/ftb-app-*.zip
            release/*.blockmap
            release/*-mac.yml
      - name: Upload Windows artifacts
        uses: actions/upload-artifact@v4
        if: ${{ matrix.os == 'windows-latest' }}
        with:
          name: release-${{ matrix.os }}
          path: |
            release/ftb-app-*.exe
            release/*.blockmap
            release/latest.yml
            release/alpha.yml
            release/beta.yml
      - name: Upload Linux artifacts
        if: ${{ matrix.os == 'ubuntu-latest' }}
        uses: actions/upload-artifact@v4
        with:
          name: release-${{ matrix.os }}
          path: |
            release/ftb-app-*.deb
            release/ftb-app-*.AppImage
            release/ftb-app-*.rpm
            release/*-linux.yml
            release/*-linux-*.yml

  build-overwolf:
    name: Prepare Overwolf
    # Skip this job if the commit message contains [-skip overwolf]
    if: "!contains(github.event.head_commit.message, '[-skip overwolf]')"
    needs:
      - build-jars
      - build-releases
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: subprocess-jar-ubuntu-latest
          path: subprocess/build/libs/
      - name: Build App (Overwolf)
        env:
          OW_CLI_API_KEY: ${{ secrets.OW_CLI_API_KEY }}
          OW_CLI_EMAIL: ${{ secrets.OW_CLI_EMAIL }}
          APP_TARGET_PLATFORM: "overwolf"
          VUE_APP_TARGET_PLATFORM: "overwolf"
          VUE_APP_PLATFORM: "overwolf"
        run: |
          cp subprocess/build/libs/meta.json overwolf/
          cp subprocess/build/libs/java-licenses.json overwolf/
          npm install --global pnpm@9.12.3 || true
          pnpm config set store-dir .pnpm-store
          pnpm install --no-frozen-lockfile
          pnpm gen:license
          node tooling/overwolf/patchManifest.js
          pnpm overwolf:build
          node tooling/overwolf/packageOpk.js
          echo "Signing OPK.."
          pnpm ow opk sign -o overwolf/signed.opk overwolf/*.opk
      - name: Upload Overwolf artifact
        uses: actions/upload-artifact@v4
        with:
          name: overwolf-opk
          path: overwolf/signed.opk

  # Publish to S3
  release-electron:
    name: Publish Electron
    if: |
      !cancelled() && !contains(github.event.head_commit.message, '[-skip release]') && needs.build-jars.result == 'success'
    runs-on: ubuntu-latest
    needs: build-releases
    strategy:
      matrix: 
        os: [ubuntu-latest, windows-latest, macos-latest]
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          name: release-${{ matrix.os }}
          path: release/
      - name: Get B2 client
        shell: bash
        run: |
          wget -q -O /usr/local/bin/b2 https://github.com/Backblaze/B2_Command_Line_Tool/releases/latest/download/b2-linux
          chmod +x /usr/local/bin/b2
      - name: Upload
        shell: bash
        run: |
          ls -la release
          b2 authorize-account ${{ secrets.AWS_ACCESS_KEY_ID }} ${{ secrets.AWS_SECRET_ACCESS_KEY }} > /dev/null 2>&1
          b2 sync --replace-newer --no-progress release b2://${{ secrets.PUBLISH_BUCKET }}/app
          
  # Publish to Overwolf
  release-overwolf:
    name: Publish Overwolf
    # Don't run if cancelled or if the commit message contains [-skip release], also, don't run if the build-overwolf job was skipped
    if: |
      !cancelled() && !contains(github.event.head_commit.message, '[-skip release]') && needs.build-overwolf.result == 'success'
    runs-on: ubuntu-latest
    needs: 
      - build-overwolf
      - release-electron # There is no point in releasing Overwolf if the Electron build failed
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: overwolf-opk
          path: overwolf/
      - name: Release
        env:
          OW_CLI_API_KEY: ${{ secrets.OW_CLI_API_KEY }}
          OW_CLI_EMAIL: ${{ secrets.OW_CLI_EMAIL }}
        run: |
          npm install --global pnpm@9.12.3 || true
          pnpm config set store-dir .pnpm-store
          pnpm install --no-frozen-lockfile
          pnpm ow opk upload -w true overwolf/signed.opk