name: Publish - Stable - Windows

on:
  workflow_dispatch: {}
  repository_dispatch:
    types:
      - publish-stable

env:
  APP_NAME: VSCodium
  ASSETS_REPOSITORY: ${{ github.repository }}
  BINARY_NAME: codium
  GH_REPO_PATH: ${{ github.repository }}
  GITHUB_BRANCH: master
  ORG_NAME: ${{ github.repository_owner }}
  OS_NAME: windows
  VERSIONS_REPOSITORY: ${{ github.repository_owner }}/versions
  VSCODE_QUALITY: stable

jobs:
  check:
    runs-on: ubuntu-latest
    permissions: {}
    outputs:
      MS_COMMIT: ${{ env.MS_COMMIT }}
      MS_TAG: ${{ env.MS_TAG }}
      RELEASE_VERSION: ${{ env.RELEASE_VERSION }}
      SHOULD_BUILD: ${{ env.SHOULD_BUILD }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ env.GITHUB_BRANCH }}
          persist-credentials: false

      - name: Clone VSCode repo
        run: ./get_repo.sh

      - name: Check existing VSCodium tags/releases
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHECK_ALL: yes
        run: ./check_tags.sh

  compile:
    needs:
      - check
    runs-on: windows-2022
    permissions: {}
    defaults:
      run:
        shell: bash
    env:
      MS_COMMIT: ${{ needs.check.outputs.MS_COMMIT }}
      MS_TAG: ${{ needs.check.outputs.MS_TAG }}
      RELEASE_VERSION: ${{ needs.check.outputs.RELEASE_VERSION }}
      SHOULD_BUILD: ${{ needs.check.outputs.SHOULD_BUILD }}
      VSCODE_ARCH: x64
    outputs:
      BUILD_SOURCEVERSION: ${{ env.BUILD_SOURCEVERSION }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ env.GITHUB_BRANCH }}
          persist-credentials: false
        if: env.SHOULD_BUILD == 'yes'

      - name: Setup Node.js environment
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version-file: .nvmrc
        if: env.SHOULD_BUILD == 'yes'

      - name: Setup Python 3
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.11"
        if: env.SHOULD_BUILD == 'yes'

      - name: Clone VSCode repo
        run: ./get_repo.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Build
        env:
          SHOULD_BUILD_REH: no
          SHOULD_BUILD_REH_WEB: no
        run: ./build.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Compress vscode artifact
        run: |
          find vscode -type f -not -path "*/node_modules/*" -not -path "vscode/.build/node/*" -not -path "vscode/.git/*" > vscode.txt
          echo "vscode/.build/extensions/node_modules" >> vscode.txt
          echo "vscode/.git" >> vscode.txt
          tar -czf vscode.tar.gz -T vscode.txt
        if: env.SHOULD_BUILD == 'yes'

      - name: Upload vscode artifact
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: vscode
          path: ./vscode.tar.gz
          retention-days: 30
        if: env.SHOULD_BUILD == 'yes'

  build:
    needs:
      - check
      - compile
    runs-on: windows-2022
    environment: publish
    permissions:
      contents: write
    strategy:
      fail-fast: false
      matrix:
        vscode_arch:
          - x64
          - arm64
    defaults:
      run:
        shell: bash
    env:
      BUILD_SOURCEVERSION: ${{ needs.compile.outputs.BUILD_SOURCEVERSION }}
      MS_COMMIT: ${{ needs.check.outputs.MS_COMMIT }}
      MS_TAG: ${{ needs.check.outputs.MS_TAG }}
      RELEASE_VERSION: ${{ needs.check.outputs.RELEASE_VERSION }}
      SHOULD_BUILD: ${{ needs.check.outputs.SHOULD_BUILD }}
      VSCODE_ARCH: ${{ matrix.vscode_arch }}
    outputs:
      RELEASE_VERSION: ${{ env.RELEASE_VERSION }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ env.GITHUB_BRANCH }}
          persist-credentials: false
        if: env.SHOULD_BUILD == 'yes'

      - name: Setup Node.js environment
        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version-file: '.nvmrc'
        if: env.SHOULD_BUILD == 'yes'

      - name: Setup Python 3
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: '3.11'
        if: env.SHOULD_BUILD == 'yes'

      - name: Check existing VSCodium tags/releases
        env:
          DISABLE_MSI: ${{ vars.DISABLE_STABLE_MSI }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./check_tags.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Download vscode artifact
        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: vscode
        if: env.SHOULD_BUILD == 'yes'

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          npm_config_arch: ${{ matrix.vscode_arch }}
          npm_config_target_arch: ${{ matrix.vscode_arch }}
        run: ./build/windows/package.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Prepare assets
        run: ./prepare_assets.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Upload unsigned artifacts
        id: upload-unsigned-artifacts
        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: unsigned-${{ matrix.vscode_arch }}
          path: |
            assets/*.exe
            assets/*.msi
          retention-days: 1
        if: env.SHOULD_BUILD == 'yes'

      - name: Signing
        uses: signpath/github-action-submit-signing-request@b9d91eadd323de506c0c81cf0c7fe7438f3360fd # v2.2
        with:
          api-token: ${{ secrets.SIGNPATH_API_TOKEN }}
          organization-id: ${{ secrets.SIGNPATH_ORGANIZATION_ID }}
          project-slug: ${{ secrets.SIGNPATH_PROJECT_SLUG }}
          signing-policy-slug: ${{ secrets.SIGNPATH_POLICY_SLUG }}
          github-artifact-id: ${{ steps.upload-unsigned-artifacts.outputs.artifact-id }}
          artifact-configuration-slug: ${{ matrix.vscode_arch }}
          wait-for-completion: true
          # 8h to manually approve the request
          wait-for-completion-timeout-in-seconds: 28800
          output-artifact-directory: assets/
        if: env.SHOULD_BUILD == 'yes'

      - name: Prepare checksums
        run: ./prepare_checksums.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./release.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Update versions repo
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}
        run: ./update_version.sh
        if: env.SHOULD_BUILD == 'yes'

  winget:
    needs: build
    runs-on: windows-2022
    environment: publish
    permissions:
      contents: write
    defaults:
      run:
        shell: bash
    env:
      APP_IDENTIFIER: VSCodium.VSCodium

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ env.GITHUB_BRANCH }}
          persist-credentials: false

      - name: Check version
        run: ./stores/winget/check_version.sh
        env:
          RELEASE_VERSION: ${{ needs.build.outputs.RELEASE_VERSION }}

      - name: Release to WinGet
        uses: vedantmgoyal9/winget-releaser@4ffc7888bffd451b357355dc214d43bb9f23917e
        with:
          identifier: ${{ env.APP_IDENTIFIER }}
          version: ${{ env.RELEASE_VERSION }}
          release-tag: ${{ env.RELEASE_VERSION }}
          installers-regex: '\.exe$' # only .exe files
          token: ${{ secrets.STRONGER_GITHUB_TOKEN }}
        if: env.SHOULD_DEPLOY == 'yes'