name: Release CI

on:
  push:
    tags:
      - 'v*'

# 确保默认情况下所有 job 都只有只读权限，只有需要写权限的 job（比如发布 release 的 job）才会单独提升权限，其他 job 依然保持最小权限，最大程度保护仓库安全
permissions:
  contents: read

concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: true  # 如果有新的发布任务，取消正在进行的任务

jobs:
  publish-tauri:
    permissions:
      contents: write # 授予写入仓库内容的权限
    strategy:
      fail-fast: false  # 某个平台构建失败不影响其他平台
      matrix:
        include:
          - platform: "macos-latest" # for Arm based macs (M1 and above).
            args: "--target aarch64-apple-darwin"
          - platform: "macos-latest" # for Intel based macs.
            args: "--target x86_64-apple-darwin"
          - platform: "ubuntu-22.04"
            args: ""
          - platform: "windows-latest"
            args: ""

    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/checkout@v4

      - name: install dependencies (ubuntu only)
        if: matrix.platform == 'ubuntu-22.04'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-dev \
            librsvg2-dev \
            patchelf \
            libudev-dev \
            libasound2-dev \
            pkg-config \
            libgtk-3-dev \
            libayatana-appindicator3-dev

      # 添加环境变量配置
      - name: Set up environment variables
        run: echo "${{ secrets.ENV_LOCAL_CONTENT }}" > .env.local

      # 首先安装 pnpm
      - name: Install pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 10
          run_install: false

      # 然后设置 Node.js
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'pnpm'

      - name: Install dependencies
        run: pnpm install

      # 安装 Rust
      - name: install Rust stable
        uses: dtolnay/rust-toolchain@stable # Set this to dtolnay/rust-toolchain@nightly
        with:
          # Those targets are only used on macos runners so it's in an `if` to slightly speed up windows and linux builds.
          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}

      - name: Rust cache
        uses: swatinem/rust-cache@v2
        with:
          workspaces: './src-tauri -> target'

      - name: Create release
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # 使用之前配置的私钥
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          # 使用之前配置的私钥密码
          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY_PASSWORD }}
        with:
          tagName: v__VERSION__ #这个动作会自动将\_\_VERSION\_\_替换为app version
          releaseName: 'v__VERSION__'
          releaseBody: 'See the assets to download and install this version.'
          releaseDraft: true
          prerelease: false
          args: ${{ matrix.args }}