name: Final Release

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Release version number (e.g., 2.1.0)"
        required: true
        type: string
      previous_version:
        description: "Previous version tag for changelog (e.g., 2.1.0-beta.3)"
        required: true
        type: string
      dry_run:
        description: "Dry Run (The docker image will not be pushed to registries. PR will still be created.)"
        required: false
        type: boolean
        default: false

permissions:
  contents: write
  pull-requests: write

jobs:
  release:
    runs-on: ubuntu-latest
    timeout-minutes: 120

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: master
          persist-credentials: true
          fetch-depth: 0 # Fetch all history for changelog generation

      - name: Set up Node.js
        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
        with:
          node-version: 24

      - name: Create release branch
        env:
          VERSION: ${{ inputs.version }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/${{ github.repository }}.git"
          # Delete remote branch if it exists
          git push origin --delete "release-${VERSION}" || true
          # Delete local branch if it exists
          git branch -D "release-${VERSION}" || true
          # For testing purpose
          # git checkout beta-workflow
          git checkout -b "release-${VERSION}"

      - name: Install dependencies
        run: npm clean-install --no-fund

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0

      - name: Login to Docker Hub
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ secrets.GHCR_USERNAME }}
          password: ${{ secrets.GHCR_TOKEN }}

      - name: Run release-final
        env:
          RELEASE_VERSION: ${{ inputs.version }}
          RELEASE_PREVIOUS_VERSION: ${{ inputs.previous_version }}
          DRY_RUN: ${{ inputs.dry_run }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_RUN_ID: ${{ github.run_id }}
        run: npm run release-final

      - name: Upload dist.tar.gz as artifact
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: dist-${{ inputs.version }}
          path: ./tmp/dist.tar.gz
          retention-days: 90