name: Release

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - dev

jobs:
  release:
    name: Release
    permissions:
      contents: write
      packages: write
      id-token: write
      attestations: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Cache Gradle
        uses: burrunan/gradle-cache-action@v3

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./gradlew :patches:buildAndroid clean

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: 'npm'

      - name: Install dependencies
        run: npm install

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          fingerprint: ${{ vars.GPG_FINGERPRINT }}

      - name: Release
        uses: cycjimmy/semantic-release-action@v4
        id: release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Attest
        if: steps.release.outputs.new_release_published == 'true'
        uses: actions/attest-build-provenance@v2
        with:
          subject-name: 'ReVanced Patches ${{ steps.release.outputs.new_release_git_tag }}'
          subject-path: patches/build/libs/patches-*.rvp