.github/workflows/publish.yml

on:
  pull_request:
    branches: [ master ]
  push:
    branches: [ master ]

name: Publish Release
jobs:
  build:
    name: Build Release Package
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
      should-release: ${{ steps.confirm-release.outputs.test }}
      branch: ${{ steps.get-branch.outputs.branch }}
      version: ${{ steps.get-version.outputs.version }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Setup .NET Core
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: 6.0.200
          
      - name: Get version
        id: get-version
        run: echo "version=$(cat version)" >> $GITHUB_OUTPUT
        
      - name: Get branch
        id: get-branch
        run: echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
        
      - name: Confirm release
        id: confirm-release
        run: echo "test=$(git tag --list 'v${{ steps.get-version.outputs.version }}' | wc -l | sed s/\ //g)" >> $GITHUB_OUTPUT

      - name: Restore tools
        run: dotnet tool restore

      - name: Install dependencies
        run: dotnet restore

      - name: Build for publish
        run: dotnet build --configuration Release --no-restore -p:PackageVersion=${{ steps.get-version.outputs.version }} -p:FileVersion=${{ steps.get-version.outputs.version }} -p:InformationalVersion=${{ steps.get-version.outputs.version }}

      # Package without rebuilding the binaries. TargetsForTfmSpecificContentInPackage is a workaround for a bug related to --no-build with fsharp projects.
      # See https://github.com/dotnet/fsharp/issues/12320
      - name: Dotnet Pack
        run: dotnet pack -c release -p:PackageVersion=${{ steps.get-version.outputs.version }} -p:FileVersion=${{ steps.get-version.outputs.version }} -p:InformationalVersion=${{ steps.get-version.outputs.version }} --no-build --output nuget-packages -p:TargetsForTfmSpecificContentInPackage=
      # Sign the nuget package itself
      
      - name: Package will be released
        if: ${{ steps.confirm-release.outputs.test == 0 }}
        run: echo "Will release nuget package"

      - name: Upload nuget packages
        uses: actions/upload-artifact@v3
        if: ${{ steps.get-branch.outputs.branch == 'master' && steps.confirm-release.outputs.test == 0 }}
        with:
          name: nuget-packages
          path: nuget-packages/
          retention-days: 1

  publish:
    name: Create Release
    runs-on: windows-latest
    environment: CD
    if: ${{ needs.build.branch == 'master' && needs.build.should-release == 0 }}
    needs:
     - build
    steps:
      - name: Setup .NET Core
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: 6.0.200
      - name: Download nuget packages
        uses: actions/download-artifact@v3
        with:
          name: nuget-packages
          path: nuget-packages/

      - name: Sign nuget packages
        env:
          CERTIFICATE_HOST: ${{ secrets.CODE_SIGNING_CERT_HOST }}
          CERTIFICATE_HOST_API_KEY: ${{ secrets.CODE_SIGNING_CERT_HOST_API_KEY }}
          CERTIFICATE_SHA1_HASH: ${{ secrets.CODE_SIGNING_CERT_SHA1_HASH }}
          CLIENT_CERTIFICATE: ${{ secrets.CODE_SIGNING_CLIENT_CERT }}
          CLIENT_CERTIFICATE_PASSWORD: ${{ secrets.CODE_SIGNING_CLIENT_CERT_PASSWORD }}
        uses: cognitedata/code-sign-action/@v2
        with:
          path-to-binary: 'nuget-packages/'

      - name: Push nuget packages
        run: dotnet nuget push .\nuget-packages\*.nupkg -s https://api.nuget.org/v3/index.json -k ${{ secrets.NUGET_API_KEY }}
        continue-on-error: false

      - name: Create Release
        uses: actions/create-release@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ needs.build.version }}
          release_name: Release v${{ needs.build.version }}
          draft: false
          prerelease: false