name: Release Mobile App

on:
  workflow_call:
    inputs:
      build-target:
        description: 'Build Target'
        type: string
        required: true
      build-type:
        description: 'Build Type'
        type: string
        required: true
  workflow_dispatch:
    inputs:
      build-target:
        description: 'Build Target'
        type: choice
        required: true
        default: distribution
        options:
          - development
          - distribution
      build-type:
        description: 'Build Type'
        type: choice
        required: true
        default: canary
        options:
          - canary
          - beta
          - stable
env:
  BUILD_TYPE: ${{ inputs.build-type || github.event.inputs.build-type }}
  BUILD_TARGET: ${{ inputs.build-target || github.event.inputs.build-target }}
  DEBUG: napi:*
  KEYCHAIN_NAME: ${{ github.workspace }}/signing_temp

jobs:
  build-ios-web:
    runs-on: ubuntu-latest
    environment: ${{ inputs.build-type || github.event.inputs.build-type }}
    outputs:
      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        id: version
        uses: ./.github/actions/setup-version
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
      - name: Setup @sentry/cli
        uses: ./.github/actions/setup-sentry
      - name: Build Mobile
        run: yarn nx build @affine/ios --skip-nx-cache
        env:
          PUBLIC_PATH: '/'
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: 'affine'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
          SKIP_NX_CACHE: 'true'
      - name: Upload ios artifact
        uses: actions/upload-artifact@v4
        with:
          name: ios
          path: packages/frontend/apps/ios/dist

  build-android-web:
    runs-on: ubuntu-latest
    environment: ${{ github.event.inputs.build-type || inputs.build-type }}
    outputs:
      RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Version
        id: version
        uses: ./.github/actions/setup-version
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
      - name: Setup @sentry/cli
        uses: ./.github/actions/setup-sentry
      - name: Build Mobile
        run: yarn nx build @affine/android --skip-nx-cache
        env:
          PUBLIC_PATH: '/'
          MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
          SENTRY_PROJECT: 'affine'
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }}
          RELEASE_VERSION: ${{ steps.version.outputs.APP_VERSION }}
          SKIP_NX_CACHE: 'true'
      - name: Upload android artifact
        uses: actions/upload-artifact@v4
        with:
          name: android
          path: packages/frontend/apps/android/dist

  ios:
    runs-on: macos-latest
    needs:
      - build-ios-web
    steps:
      - uses: actions/checkout@v4
      - name: Download mobile artifact
        uses: actions/download-artifact@v4
        with:
          name: ios
          path: packages/frontend/apps/ios/dist
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        timeout-minutes: 10
        with:
          extra-flags: workspaces focus @affine/ios
          playwright-install: false
          electron-install: false
          hard-link-nm: false
          enableScripts: false
      - name: Cap sync
        run: yarn workspace @affine/ios cap sync
      - name: Signing By Apple Developer ID
        uses: apple-actions/import-codesign-certs@v3
        id: import-codesign-certs
        with:
          p12-file-base64: ${{ secrets.CERTIFICATES_P12_MOBILE }}
          p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD_MOBILE }}
      - uses: maxim-lobanov/setup-xcode@v1
        with:
          xcode-version: latest-stable
      - name: Testflight
        if: ${{ env.BUILD_TYPE != 'stable' }}
        working-directory: packages/frontend/apps/ios/App
        run: |
          echo -n "${{ env.BUILD_PROVISION_PROFILE }}" | base64 --decode -o $PP_PATH
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
          fastlane beta
        env:
          BUILD_PROVISION_PROFILE: ${{ secrets.BUILD_PROVISION_PROFILE }}
          PP_PATH: ${{ runner.temp }}/build_pp.mobileprovision
          APPLE_STORE_CONNECT_API_KEY_ID: ${{ secrets.APPLE_STORE_CONNECT_API_KEY_ID }}
          APPLE_STORE_CONNECT_API_ISSUER_ID: ${{ secrets.APPLE_STORE_CONNECT_API_ISSUER_ID }}
          APPLE_STORE_CONNECT_API_KEY: ${{ secrets.APPLE_STORE_CONNECT_API_KEY }}

  android:
    runs-on: ubuntu-latest
    permissions:
      id-token: 'write'
    needs:
      - build-android-web
    steps:
      - uses: actions/checkout@v4
      - name: Download mobile artifact
        uses: actions/download-artifact@v4
        with:
          name: android
          path: packages/frontend/apps/android/dist
      - name: Setup Node.js
        uses: ./.github/actions/setup-node
        timeout-minutes: 10
        with:
          extra-flags: workspaces focus @affine/android @affine/playstore-auto-bump
          playwright-install: false
          electron-install: false
          hard-link-nm: false
          enableScripts: false
      - name: Cap sync
        run: yarn workspace @affine/android cap sync
      - name: Auth gcloud
        id: auth
        uses: google-github-actions/auth@v2
        if: ${{ env.BUILD_TARGET == 'distribution' }}
        with:
          workload_identity_provider: 'projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/github-actions/providers/github-actions-helm-deploy'
          service_account: '${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }}'
          token_format: 'access_token'
          project_id: '${{ secrets.GCP_PROJECT_ID }}'
          access_token_scopes: 'https://www.googleapis.com/auth/androidpublisher'
      - uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'
      - name: Auto increment version code
        id: bump
        if: ${{ env.BUILD_TARGET == 'distribution' }}
        run: yarn workspace @affine/playstore-auto-bump bump
        env:
          GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.auth.outputs.credentials_file_path }}
      - name: Build
        run: |
          echo -n "${{ env.AFFINE_ANDROID_SIGN_KEYSTORE }}" | base64 --decode > packages/frontend/apps/android/affine.keystore
          yarn workspace @affine/android cap build android
        env:
          AFFINE_ANDROID_KEYSTORE_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_PASSWORD }}
          AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD: ${{ secrets.AFFINE_ANDROID_KEYSTORE_ALIAS_PASSWORD }}
          AFFINE_ANDROID_SIGN_KEYSTORE: ${{ secrets.AFFINE_ANDROID_SIGN_KEYSTORE }}
      - name: Upload to Google Play
        uses: r0adkll/upload-google-play@v1
        if: ${{ env.BUILD_TARGET == 'distribution' }}
        with:
          serviceAccountJson: ${{ steps.auth.outputs.credentials_file_path }}
          packageName: app.affine.pro
          releaseFiles: packages/frontend/apps/android/App/app/build/outputs/bundle/release/app-release-signed.aab
          track: internal
          status: draft
          existingEditId: ${{ steps.bump.outputs.EDIT_ID }}