name: Release (Orchestrated)

on:
  release:
    types: [published]
  workflow_dispatch:

env:
  DOTNET_NOLOGO: true
  DOTNET_CLI_TELEMETRY_OPTOUT: true
  NUGET_SOURCE_URL: https://nuget.sabp.ir/v3/index.json
  PACKAGE_OUTPUT: ./artifacts/nuget
  PACKAGE_PROJECTS: DevOpsPackageTest/DevOpsPackageTest.csproj
  REGISTRY: reg.sabp.ir
  IMAGE_NAME: sabp-apps/devops-test
  RELEASE_TAG: ${{ gitea.event.release.tag_name }}
  REF_NAME: ${{ gitea.ref_name }}

jobs:
  build-and-push-nuget:
    runs-on: ubuntu-latest
    container:
      image: mcr-mirror.liara.ir/dotnet/sdk:10.0.202

    steps:
      - name: Checkout
        shell: bash
        run: |
          git clone --depth 1 https://git.sabp.ir/sufi-chain/dev-ops-test.git .

      - name: Restore selected projects
        shell: bash
        run: |
          set -euo pipefail
          for project in $PACKAGE_PROJECTS; do
            dotnet restore "$project"
          done

      - name: Build selected projects
        shell: bash
        run: |
          set -euo pipefail
          for project in $PACKAGE_PROJECTS; do
            dotnet build "$project" --configuration Release --no-restore
          done

      - name: Pack selected projects
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p "$PACKAGE_OUTPUT"

          if [ -n "${RELEASE_TAG:-}" ]; then
            version="$RELEASE_TAG"
          else
            version="0.0.0-dev.$(date +%Y%m%d%H%M%S)"
          fi
          version="${version#v}"

          for project in $PACKAGE_PROJECTS; do
            dotnet pack "$project" \
              --configuration Release \
              --no-build \
              --output "$PACKAGE_OUTPUT" \
              -p:PackageVersion="$version" \
              -p:ContinuousIntegrationBuild=true
          done

      - name: Push packages to BaGet
        shell: bash
        env:
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
        run: |
          set -euo pipefail
          if [ -z "${NUGET_API_KEY:-}" ]; then
            echo "NUGET_API_KEY secret is required."
            exit 1
          fi

          shopt -s nullglob
          packages=("$PACKAGE_OUTPUT"/*.nupkg)
          if [ ${#packages[@]} -eq 0 ]; then
            echo "No NuGet packages were produced."
            exit 1
          fi

          for package in "${packages[@]}"; do
            dotnet nuget push "$package" \
              --source "$NUGET_SOURCE_URL" \
              --api-key "$NUGET_API_KEY" \
              --skip-duplicate
          done

  build-and-push-docker:
    needs: build-and-push-nuget
    runs-on: ubuntu-latest
    container:
      image: mcr-mirror.liara.ir/dotnet/sdk:10.0.202

    steps:
      - name: Checkout
        shell: bash
        run: |
          set -euo pipefail
          git clone --depth 1 https://git.sabp.ir/sufi-chain/dev-ops-test.git .
          echo "=== Workspace contents ==="
          ls -la

      - name: Build and push image
        shell: bash
        env:
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
          DOTNET_CONTAINER_REGISTRY_UNAME: ${{ secrets.HARBOR_USERNAME }}
          DOTNET_CONTAINER_REGISTRY_PWORD: ${{ secrets.HARBOR_PASSWORD }}
        run: |
          set -euo pipefail
          if [ -z "${HARBOR_USERNAME:-}" ] || [ -z "${HARBOR_PASSWORD:-}" ]; then
            echo "HARBOR_USERNAME and HARBOR_PASSWORD secrets are required."
            exit 1
          fi

          tag="${RELEASE_TAG:-$REF_NAME}"
          tag="${tag#v}"
          dotnet publish DevOpsTest/DevOpsTest/DevOpsTest.csproj \
            -v:n \
            --configuration Release \
            --os linux \
            --arch x64 \
            /t:PublishContainer \
            -p:ContainerRegistry="$REGISTRY" \
            -p:ContainerRepository="$IMAGE_NAME" \
            -p:ContainerBaseImage=mcr-mirror.liara.ir/dotnet/aspnet:10.0.202 \
            "-p:ContainerImageTags=$tag;latest"