name: Publish Desktop Artifacts to Release

on:
  workflow_dispatch:
    inputs:
      tag:
        description: "Existing release tag to attach artifacts to (e.g. v0.6.5)"
        required: true
  release:
    types: [published]

permissions:
  contents: write

concurrency:
  group: desktop-release-${{ github.event.release.tag_name || github.event.inputs.tag || github.ref }}
  cancel-in-progress: false

jobs:
  desktop:
    name: Desktop (${{ matrix.label }})
    runs-on: ${{ matrix.runner }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - label: macOS arm64
            runner: macos-14
            target_os: darwin
            target_arch: arm64
            electron_target: "--mac dmg --arm64"
          - label: macOS x64
            runner: macos-15-intel
            target_os: darwin
            target_arch: x64
            electron_target: "--mac dmg --x64"
          - label: Windows x64
            runner: windows-latest
            target_os: win32
            target_arch: x64
            electron_target: "--win nsis --x64"
          - label: Linux x64
            runner: ubuntu-22.04
            target_os: linux
            target_arch: x64
            electron_target: "--linux AppImage deb --x64"
          - label: Linux arm64
            runner: ubuntu-22.04-arm
            target_os: linux
            target_arch: arm64
            electron_target: "--linux AppImage --arm64"

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.release.tag_name || github.event.inputs.tag }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 24
          cache: npm
          cache-dependency-path: |
            package-lock.json
            packages/desktop/package-lock.json

      - name: Install uv
        uses: astral-sh/setup-uv@v3

      - name: Install web UI dependencies
        run: |
          npm ci --ignore-scripts
          npm rebuild node-pty

      - name: Build web UI
        run: npm run build

      - name: Keep production web UI dependencies only
        run: npm prune --omit=dev --no-audit --no-fund

      - name: Install desktop dependencies
        run: npm ci --prefix packages/desktop --no-audit --no-fund

      - name: Prepare bundled Python
        env:
          TARGET_OS: ${{ matrix.target_os }}
          TARGET_ARCH: ${{ matrix.target_arch }}
        run: npm --prefix packages/desktop run prepare:python

      - name: Build desktop artifact
        env:
          CSC_LINK: ${{ matrix.target_os == 'darwin' && secrets.MAC_CSC_LINK || '' }}
          CSC_KEY_PASSWORD: ${{ matrix.target_os == 'darwin' && secrets.MAC_CSC_KEY_PASSWORD || '' }}
          APPLE_ID: ${{ matrix.target_os == 'darwin' && secrets.APPLE_ID || '' }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ matrix.target_os == 'darwin' && secrets.APPLE_APP_SPECIFIC_PASSWORD || '' }}
          APPLE_TEAM_ID: ${{ matrix.target_os == 'darwin' && secrets.APPLE_TEAM_ID || '' }}
        run: npm --prefix packages/desktop run dist -- ${{ matrix.electron_target }} --publish never

      - name: Upload artifacts to release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.event.release.tag_name || github.event.inputs.tag }}
          fail_on_unmatched_files: true
          files: |
            packages/desktop/release/*.dmg
            packages/desktop/release/*.dmg.blockmap
            packages/desktop/release/*.exe
            packages/desktop/release/*.exe.blockmap
            packages/desktop/release/*.AppImage
            packages/desktop/release/*.deb
            packages/desktop/release/latest*.yml