name: Build Electron App

on:
  release:
    types: [published]

permissions:
  contents: write  # Required to upload release assets

jobs:
  build:
    runs-on: macos-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 24
          cache: 'pnpm'
          cache-dependency-path: 'apps/x/pnpm-lock.yaml'

      - name: Extract version from tag
        id: version
        run: |
          VERSION="${GITHUB_REF#refs/tags/v}"
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "Extracted version: ${VERSION}"

      - name: Update package.json versions
        run: |
          node -e "
            const fs = require('fs');
            const version = '${{ steps.version.outputs.version }}';
            
            // Update apps/x/package.json
            const rootPackage = JSON.parse(fs.readFileSync('apps/x/package.json', 'utf8'));
            rootPackage.version = version;
            fs.writeFileSync('apps/x/package.json', JSON.stringify(rootPackage, null, 2) + '\n');
            
            // Update apps/x/apps/main/package.json
            const mainPackage = JSON.parse(fs.readFileSync('apps/x/apps/main/package.json', 'utf8'));
            mainPackage.version = version;
            fs.writeFileSync('apps/x/apps/main/package.json', JSON.stringify(mainPackage, null, 2) + '\n');
            
            console.log('Updated version to:', version);
          "

      - name: Install dependencies
        run: pnpm install --frozen-lockfile
        working-directory: apps/x

      - name: Build distributables
        run: npm run make
        working-directory: apps/x/apps/main

      - name: Diagnose built app
        run: |
          echo "=== Architecture Check ==="
          APP_PATH=$(find apps/x/apps/main/out -name "Rowboat.app" -type d | head -1)
          if [ -n "$APP_PATH" ]; then
            EXECUTABLE="$APP_PATH/Contents/MacOS/rowboat"
            if [ -f "$EXECUTABLE" ]; then
              echo "App executable found at: $EXECUTABLE"
              echo "Architecture:"
              lipo -info "$EXECUTABLE" || file "$EXECUTABLE"
              echo ""
              echo "=== Code Signing Check ==="
              codesign --verify --deep --strict --verbose=2 "$APP_PATH" || echo "App is not signed (this is OK if code signing secrets are not configured)"
              echo ""
              echo "=== Gatekeeper Check ==="
              spctl --assess --type execute --verbose "$APP_PATH" || echo "Gatekeeper assessment failed (expected for unsigned apps)"
            else
              echo "Executable not found at: $EXECUTABLE"
            fi
          else
            echo "App bundle not found"
          fi
        continue-on-error: true

      - name: Upload workflow artifacts
        uses: actions/upload-artifact@v4
        with:
          name: distributables
          path: apps/x/apps/main/out/make/*
          retention-days: 30

      - name: Attach files to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: apps/x/apps/main/out/make/*
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}