# Copyright 2019-2023 Tauri Programme within The Commons Conservancy
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: MIT

name: test updater artifacts
on:
  schedule:
    - cron: '0 0 * * *'
  pull_request:
    paths:
      - '.github/workflows/test-updater-artifacts.yml'
      - 'examples/updater/**'
  workflow_dispatch:

env:
  RUST_BACKTRACE: 1
  CARGO_PROFILE_DEV_DEBUG: 0 # This would add unnecessary bloat to the target folder, decreasing cache efficiency.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  test:
    runs-on: ${{ matrix.platform }}

    strategy:
      fail-fast: false
      matrix:
        platform: [ubuntu-latest, macos-latest, windows-latest]

    steps:
      - uses: actions/checkout@v2
      - name: install stable
        uses: actions-rs/toolchain@v1
        with:
          toolchain: stable

      - name: install Linux dependencies
        if: matrix.platform == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y webkit2gtk-4.0 libayatana-appindicator3-dev

      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: |
            core -> ../target
            tooling/cli

      - name: build and install `tauri-cli`
        run: cargo install --path tooling/cli --force
      - name: Check whether code signing should be enabled
        id: enablecodesigning
        env:
          ENABLE_CODE_SIGNING: ${{ secrets.APPLE_CERTIFICATE }}
        run: |
          echo "Enable code signing: ${{ env.ENABLE_CODE_SIGNING != '' }}"
          echo "::set-output name=enabled::${{ env.ENABLE_CODE_SIGNING != '' }}"

      # run only on tauri-apps/tauri repo (require secrets)
      - name: build sample artifacts + code signing (updater)
        if: steps.enablecodesigning.outputs.enabled == 'true'
        working-directory: ./examples/updater
        run: |
          yarn install
          cargo tauri build --verbose
        env:
          # Notarization (disabled)
          # FIXME: enable only on `dev` push maybe? as it take some times...
          #
          # APPLE_ID: ${{ secrets.APPLE_ID }}
          # APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}

          # Apple code signing testing
          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
          APPLE_SIGNING_IDENTITY: ${{ secrets.APPLE_SIGNING_IDENTITY }}
          # Updater signature is exposed here to make sure it works in PR's
          TAURI_PRIVATE_KEY: dW50cnVzdGVkIGNvbW1lbnQ6IHJzaWduIGVuY3J5cHRlZCBzZWNyZXQga2V5ClJXUlRZMEl5YTBGV3JiTy9lRDZVd3NkL0RoQ1htZmExNDd3RmJaNmRMT1ZGVjczWTBKZ0FBQkFBQUFBQUFBQUFBQUlBQUFBQWdMekUzVkE4K0tWQ1hjeGt1Vkx2QnRUR3pzQjVuV0ZpM2czWXNkRm9hVUxrVnB6TUN3K1NheHJMREhQbUVWVFZRK3NIL1VsMDBHNW5ET1EzQno0UStSb21nRW4vZlpTaXIwZFh5ZmRlL1lSN0dKcHdyOUVPclVvdzFhVkxDVnZrbHM2T1o4Tk1NWEU9Cg==
          TAURI_KEY_PASSWORD:
      # run on PRs and forks
      - name: build sample artifacts (updater)
        if: steps.enablecodesigning.outputs.enabled != 'true'
        working-directory: ./examples/updater
        run: |
          yarn install
          cargo tauri build --verbose
        env:
          TAURI_PRIVATE_KEY: dW50cnVzdGVkIGNvbW1lbnQ6IHJzaWduIGVuY3J5cHRlZCBzZWNyZXQga2V5ClJXUlRZMEl5YTBGV3JiTy9lRDZVd3NkL0RoQ1htZmExNDd3RmJaNmRMT1ZGVjczWTBKZ0FBQkFBQUFBQUFBQUFBQUlBQUFBQWdMekUzVkE4K0tWQ1hjeGt1Vkx2QnRUR3pzQjVuV0ZpM2czWXNkRm9hVUxrVnB6TUN3K1NheHJMREhQbUVWVFZRK3NIL1VsMDBHNW5ET1EzQno0UStSb21nRW4vZlpTaXIwZFh5ZmRlL1lSN0dKcHdyOUVPclVvdzFhVkxDVnZrbHM2T1o4Tk1NWEU9Cg==
          TAURI_KEY_PASSWORD:
      # upload assets
      - uses: actions/upload-artifact@v2
        if: matrix.platform == 'ubuntu-latest'
        with:
          name: linux-updater-artifacts
          path: ./examples/updater/src-tauri/target/release/bundle/appimage/updater-example_*.AppImage.*
      - uses: actions/upload-artifact@v2
        if: matrix.platform == 'windows-latest'
        with:
          name: windows-updater-artifacts
          path: ./examples/updater/src-tauri/target/release/bundle/msi/*
      - uses: actions/upload-artifact@v2
        if: matrix.platform == 'macos-latest'
        with:
          name: macos-updater-artifacts
          path: ./examples/updater/src-tauri/target/release/bundle/macos/updater-example.app.tar.*