name: Release

on:
  workflow_dispatch:
    inputs:
      tag_name:
        description: 'new/existing tag name'
        required: true
      target_commitish:
        description: 'target if new tag'
        default: master

permissions:
  contents: write
  id-token: write
  attestations: write

jobs:
  build:
    name: NickelMenu
    runs-on: ubuntu-latest
    container: ghcr.io/pgaskin/nickeltc:1.0
    steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        submodules: true
    - name: Build
      uses: docker://ghcr.io/pgaskin/nickeltc:1.0
      with:
        entrypoint: make
        args: all koboroot
    - name: Attest
      uses: actions/attest-build-provenance@v3
      with:
        subject-path: |
          KoboRoot.tgz
    - name: Create draft release
      uses: actions/github-script@v8
      id: draft_release
      with:
        script: |
          const {data: {id: id}} = await github.rest.repos.createRelease({
            owner: context.repo.owner,
            repo: context.repo.repo,
            tag_name: context.payload.inputs.tag_name,
            target_commitish: context.payload.inputs.target_commitish,
            name: `NickelMenu ${context.payload.inputs.tag_name}`,
            draft: true,
          })
          core.setOutput('id', id)
    - name: Upload release asset
      uses: actions/github-script@v8
      with:
        retries: 3 # note: this applies to individual github.rest calls, not the entire script
        script: |
          const {readFile} = require('fs').promises
          await github.rest.repos.uploadReleaseAsset({
            owner: context.repo.owner,
            repo: context.repo.repo,
            release_id: '${{steps.draft_release.outputs.id}}',
            name: 'KoboRoot.tgz',
            data: await readFile(`KoboRoot.tgz`),
          })