# SPDX-License-Identifier: MIT
#
# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
#
# https://codeberg.org/forgejo-experimental/forgejo
#
#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
#
#  vars.ROLE: forgejo-experimental
#  vars.FORGEJO: https://codeberg.org
#  vars.FROM_OWNER: forgejo-integration
#  vars.TO_OWNER: forgejo-experimental
#  vars.REPO: forgejo
#  vars.DOER: forgejo-experimental-ci
#  secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
#
# http://private.forgejo.org/forgejo/forgejo
#
#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
#
#  vars.ROLE: forgejo-release
#  vars.FORGEJO: https://codeberg.org
#  vars.FROM_OWNER: forgejo-integration
#  vars.TO_OWNER: forgejo
#  vars.REPO: forgejo
#  vars.DOER: release-team
#  secrets.TOKEN: <generated from codeberg.org/release-team>
#  secrets.GPG_PRIVATE_KEY: <XYZ>
#  secrets.GPG_PASSPHRASE: <ABC>
#
name: Pubish release

on:
  push:
    tags: 'v*'

jobs:
  publish:
    runs-on: self-hosted
    if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
    steps:
      - uses: actions/checkout@v3

      - name: copy & sign
        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v4
        with:
          from-forgejo: ${{ vars.FORGEJO }}
          to-forgejo: ${{ vars.FORGEJO }}
          from-owner: ${{ vars.FROM_OWNER }}
          to-owner: ${{ vars.TO_OWNER }}
          repo: ${{ vars.REPO }}
          release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}"
          ref-name: ${{ github.ref_name }}
          sha: ${{ github.sha }}
          from-token: ${{ secrets.TOKEN }}
          to-doer: ${{ vars.DOER }}
          to-token: ${{ secrets.TOKEN }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          verbose: ${{ vars.VERBOSE }}


      - name: set up go for the DNS update below
        if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
        uses: https://code.forgejo.org/actions/setup-go@v4
        with:
          go-version: "1.22"
          check-latest: true
      - name: update the _release.experimental DNS record
        if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
        uses: https://code.forgejo.org/actions/ovh-dns-update@v1
        with:
          subdomain: _release.experimental
          domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
          record-id: 5283602601
          value: v=${{ github.ref_name }}
          ovh-app-key: ${{ secrets.OVH_APP_KEY }}
          ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
          ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}