on:
  push:
    # Sequence of patterns matched against refs/tags
    tags:
    - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10

name: MacOS Release

jobs:
  build_with_signing:
    name: Upload Release Asset
    runs-on: macos-latest
    strategy:
      matrix:
        configuration: ['release'] # 'debug'
        compiler: ['clang']
        platform: ['aarch64'] 
        targetPlatform: ['x64', 'aarch64'] 
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          submodules: 'true'
          fetch-depth: '0'
      - name: Build release project
        id: build
        run: |
          echo "starting to build..."
          export CC=${{matrix.compiler}}
          export CONFIGURATION=${{matrix.configuration}}
          export ARCH=${{matrix.platform}}
          export TARGETARCH=${{matrix.targetPlatform}}
          echo "building..."
          source ./github_macos_build.sh
      - name: "Import signing certificate"
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH

          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k ${KEYCHAIN_PASSWORD} $KEYCHAIN_PATH

      - name: Install nortarize tools
        run: |
          brew install Bearer/tap/gon
          security find-identity -v
          brew install coreutils
      - name: Sign binaries
        env:
          IDENTITY_ID: d6ada82a113e4204aaad914e1013e9548ffd30d0
        run: |
          /usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib -v
          /usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libslang-glslang.dylib -v
          /usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/libgfx.dylib -v
          /usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/slangd -v
          /usr/bin/codesign --force --options runtime -s ${IDENTITY_ID} ./bin/macosx-${{matrix.targetPlatform}}/release/slangc -v
      - name: Package
        id: package
        run: |
          export SLANG_OS_NAME=macos
          export SLANG_ARCH_NAME=${{matrix.targetPlatform}}
          export TAG_NAME=`git describe --tags`
          export SLANG_TAG=${TAG_NAME#v}
          echo "tag:$TAG_NAME"
          echo "slang-tag:$SLANG_TAG"
          export SLANG_BINARY_ARCHIVE=slang-${SLANG_TAG}-${SLANG_OS_NAME}-${SLANG_ARCH_NAME}.zip
          echo "creating zip"
          7z a ${SLANG_BINARY_ARCHIVE} slang.h
          7z a ${SLANG_BINARY_ARCHIVE} slang-com-helper.h
          7z a ${SLANG_BINARY_ARCHIVE} slang-com-ptr.h
          7z a ${SLANG_BINARY_ARCHIVE} slang-tag-version.h
          7z a ${SLANG_BINARY_ARCHIVE} slang-gfx.h
          7z a ${SLANG_BINARY_ARCHIVE} prelude/*.h
          7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang.dylib
          7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libslang-glslang.dylib
          7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/libgfx.dylib
          7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangc
          7z a ${SLANG_BINARY_ARCHIVE} bin/*/*/slangd
          7z a ${SLANG_BINARY_ARCHIVE} docs/*.md
          echo "SLANG_BINARY_ARCHIVE=${SLANG_BINARY_ARCHIVE}" >> $GITHUB_OUTPUT
      - name: UploadBinary
        uses: softprops/action-gh-release@v1
        with:
          files: |
            ${{ steps.package.outputs.SLANG_BINARY_ARCHIVE }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Notarize
        env:
          AC_PASSWORD: ${{secrets.APPLE_ID_PASSWORD}}
          AC_PROVIDER: ${{secrets.APPLE_ID_PPOVIDER}}
          AC_USERNAME: ${{secrets.APPLE_ID_USERNAME}}
        run: |
          cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib libslang.dylib
          cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang-glslang.dylib libslang-glslang.dylib
          cp ./bin/macosx-${{matrix.targetPlatform}}/release/libslang.dylib libgfx.dylib
          cp ./bin/macosx-${{matrix.targetPlatform}}/release/slangd slangd
          cp ./bin/macosx-${{matrix.targetPlatform}}/release/slangc slangc
          7z a slang-macos-dist.zip libslang.dylib
          7z a slang-macos-dist.zip libslang-glslang.dylib
          7z a slang-macos-dist.zip libgfx.dylib
          7z a slang-macos-dist.zip slangd
          7z a slang-macos-dist.zip slangc
          cp slang-macos-dist.zip slang-macos-dist-${{matrix.targetPlatform}}.zip
          timeout 1000 gon ./extras/macos-notarize.json
      - name: UploadNotarizedBinary
        if: always()
        uses: softprops/action-gh-release@v1
        with:
          files: |
            slang-macos-dist-${{matrix.targetPlatform}}.zip
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}