name: Release (Manual/Draft)

on:
  workflow_dispatch:
    
jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      
      - uses: actions/checkout@v3
        
      - uses: subosito/flutter-action@v2

      - name: Import GPG key
        id: import_pgp_key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.PGP_KEY_BASE64 }}
          passphrase: ${{ secrets.PGP_PASSPHRASE }}

      - name: Build APKs
        run: |
          sed -i 's/signingConfig signingConfigs.release//g' android/app/build.gradle
          flutter build apk && flutter build apk --split-per-abi
        
      - name: Sign APKs
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }}
          KEYSTORE_PASS: ${{ secrets.KEYSTORE_PASS }}
          PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }}
        run: |
          echo "${KEYSTORE_BASE64}" | base64 -d > apksign.keystore
          for apk in ./build/app/outputs/flutter-apk/*-release*.apk; do
            unsignedFn=${apk/-release/-unsigned}
            mv "$apk" "$unsignedFn"
            ${ANDROID_HOME}/build-tools/30.0.2/apksigner sign --ks apksign.keystore --ks-pass env:KEYSTORE_PASS --out "${apk}" "${unsignedFn}"
            sha256sum ${apk} | cut -d " " -f 1 > "$apk".sha256
            gpg --batch  --pinentry-mode loopback --passphrase "${PGP_PASSPHRASE}" --sign --detach-sig "$apk".sha256
          done
          rm apksign.keystore
          PGP_KEY_FINGERPRINT="${{ steps.import_pgp_key.outputs.fingerprint }}"
          gpg --batch --yes --delete-secret-keys "$PGP_KEY_FINGERPRINT"
          gpg --batch --yes --delete-keys "$PGP_KEY_FINGERPRINT"
        
      - name: Extract Version
        id: extract_version      
        run: |
           VERSION=$(grep -oP "currentVersion = '\K[^']+" lib/main.dart)
           echo "::set-output name=version::$VERSION"
           TAG=$(grep -oP "'.*\\\$currentVersion.*'" lib/main.dart | head -c -2 | tail -c +2 | sed "s/\$currentVersion/$VERSION/g")
           echo "::set-output name=tag::$TAG"
           if [ -n "$(echo $TAG | grep -oP '\-beta$')" ]; then BETA=true; else BETA=false; fi
           echo "::set-output name=beta::$BETA"
      
      - name: Create Release And Upload APKs
        uses: ncipollo/release-action@v1
        with:
          token: ${{ secrets.GH_ACCESS_TOKEN }}
          tag: "${{ steps.extract_version.outputs.tag }}"
          prerelease: "${{ steps.extract_version.outputs.beta }}"
          artifacts: ./build/app/outputs/flutter-apk/*-release*.apk*
          draft: true
                  
      - name: Archive Reports For Job
        uses: actions/upload-artifact@v3
        with:
          name: reports
          path: '*/build/reports'
        if: ${{ always() }}