name: Upload release assets
on:
  release:
    types:
      - published
  workflow_dispatch:
    inputs:
      tag:
        type: string
        required: true
      publish_release_artifacts:
        type: boolean
        required: true
        default: false

permissions:
  contents: read

jobs:
  upload:
    runs-on: ubuntu-22.04
    permissions:
      contents: write
      checks: write
      packages: write
      actions: read
      issues: read
      pull-requests: read
      repository-projects: read
      statuses: read
    strategy:
      fail-fast: false
    steps:
      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ github.event.inputs.tag }}
      - name: Detect profile
        id: profile
        run: |
          if git describe --tags --match '[v|e]*' --exact; then
            REF=$(git describe --tags --match '[v|e]*' --exact)
          else
            echo "Only release tags matching '[v|e]*' are supported"
            exit 1
          fi
          case "$REF" in
            v*)
              echo "profile=emqx" >> $GITHUB_OUTPUT
              echo "version=$(./pkg-vsn.sh emqx)" >> $GITHUB_OUTPUT
              echo "ref_name=v$(./pkg-vsn.sh emqx)" >> "$GITHUB_ENV"
              echo "s3dir=emqx-ce" >> $GITHUB_OUTPUT
              ;;
            e*)
              echo "profile=emqx-enterprise" >> $GITHUB_OUTPUT
              echo "version=$(./pkg-vsn.sh emqx-enterprise)" >> $GITHUB_OUTPUT
              echo "ref_name=e$(./pkg-vsn.sh emqx-enterprise)" >> "$GITHUB_ENV"
              echo "s3dir=emqx-ee" >> $GITHUB_OUTPUT
              ;;
          esac
      - name: Get packages
        run: |
          BUCKET=${{ secrets.AWS_S3_BUCKET }}
          OUTPUT_DIR=${{ steps.profile.outputs.s3dir }}
          aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ env.ref_name }} packages
      - uses: emqx/upload-assets@974befcf0e72a1811360a81c798855efb66b0551 # 0.5.2
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          asset_paths: '["packages/*"]'
          tag_name: "${{ env.ref_name }}"
          skip_existing: true
      - name: update to emqx.io
        if: github.event_name == 'release' || inputs.publish_release_artifacts
        run: |
          set -eux
          curl -w %{http_code} \
               --insecure \
               -H "Content-Type: application/json" \
               -H "token: ${{ secrets.EMQX_IO_TOKEN }}" \
               -X POST \
               -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ env.ref_name }}\" }" \
               ${{ secrets.EMQX_IO_RELEASE_API }}
      - name: Push to packagecloud.io
        if: (github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artifacts
        env:
          PROFILE: ${{ steps.profile.outputs.profile }}
          VERSION: ${{ steps.profile.outputs.version }}
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
        run: |
          set -eu
          REPO=$PROFILE
          if [ $PROFILE = 'emqx-enterprise' ]; then
              REPO='emqx-enterprise5'
          fi
          function push() {
            docker run -t --rm -e PACKAGECLOUD_TOKEN=$PACKAGECLOUD_TOKEN -v $(pwd)/$2:/w/$2 -w /w ghcr.io/emqx/package_cloud push emqx/$REPO/$1 $2
          }
          push "debian/buster" "packages/$PROFILE-$VERSION-debian10-amd64.deb"
          push "debian/buster" "packages/$PROFILE-$VERSION-debian10-arm64.deb"
          push "debian/bullseye" "packages/$PROFILE-$VERSION-debian11-amd64.deb"
          push "debian/bullseye" "packages/$PROFILE-$VERSION-debian11-arm64.deb"
          push "debian/bookworm" "packages/$PROFILE-$VERSION-debian12-amd64.deb"
          push "debian/bookworm" "packages/$PROFILE-$VERSION-debian12-arm64.deb"
          push "ubuntu/focal" "packages/$PROFILE-$VERSION-ubuntu20.04-amd64.deb"
          push "ubuntu/focal" "packages/$PROFILE-$VERSION-ubuntu20.04-arm64.deb"
          push "ubuntu/jammy" "packages/$PROFILE-$VERSION-ubuntu22.04-amd64.deb"
          push "ubuntu/jammy" "packages/$PROFILE-$VERSION-ubuntu22.04-arm64.deb"
          push "ubuntu/noble" "packages/$PROFILE-$VERSION-ubuntu24.04-amd64.deb"
          push "ubuntu/noble" "packages/$PROFILE-$VERSION-ubuntu24.04-arm64.deb"
          push "el/8" "packages/$PROFILE-$VERSION-el8-amd64.rpm"
          push "el/8" "packages/$PROFILE-$VERSION-el8-arm64.rpm"
          push "el/9" "packages/$PROFILE-$VERSION-el9-amd64.rpm"
          push "el/9" "packages/$PROFILE-$VERSION-el9-arm64.rpm"
          push "amazon/2" "packages/$PROFILE-$VERSION-amzn2-amd64.rpm"
          push "amazon/2" "packages/$PROFILE-$VERSION-amzn2-arm64.rpm"
          push "amazon/2023" "packages/$PROFILE-$VERSION-amzn2023-amd64.rpm"
          push "amazon/2023" "packages/$PROFILE-$VERSION-amzn2023-arm64.rpm"

  rerun-apps-version-check:
    runs-on: ubuntu-22.04
    if: github.repository_owner == 'emqx' && github.event_name == 'release'
    needs:
      - upload
    permissions:
      pull-requests: read
      checks: write
      actions: write
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: trigger re-run of app versions check on open PRs
        shell: bash
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          python3 scripts/rerun-apps-version-check.py