# This workflow relies on actions/cache to store the hak dependency artifacts as they take a long time to build
# Due to this extra care must be taken to only ever run all build_* scripts against the same branch to ensure
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on:
    workflow_call:
        inputs:
            config:
                type: string
                required: true
                description: "The config directory to use"
            version:
                type: string
                required: false
                description: "Version string to override the one in package.json, used for non-release builds"
            sqlcipher:
                type: string
                required: true
                description: "How to link sqlcipher, one of 'system' | 'static'"
jobs:
    build:
        runs-on: ubuntu-latest
        container:
            image: ghcr.io/vector-im/element-desktop-dockerbuild:t3chguy-dockerbuild
        defaults:
            run:
                shell: bash
        steps:
            - uses: actions/checkout@v3

            - uses: actions/download-artifact@v3
              with:
                  name: webapp

            - name: Cache .hak
              id: cache
              uses: actions/cache@v3
              with:
                  key: ${{ runner.os }}-${{ hashFiles('hakDependencies.json', 'electronVersion') }}
                  path: |
                      ./.hak

            - uses: actions/setup-node@v3
              with:
                  cache: "yarn"
              env:
                  # Workaround for https://github.com/actions/setup-node/issues/317
                  FORCE_COLOR: 0

            # Does not need branch matching as only analyses this layer
            - name: Install Deps
              run: "yarn install --pure-lockfile"

            - name: Build Natives
              if: steps.cache.outputs.cache-hit != 'true'
              run: "yarn build:native"
              env:
                  SQLCIPHER_STATIC: ${{ inputs.sqlcipher == 'static' && '1' || '' }}

            - name: "[Nightly] Resolve version"
              id: nightly
              if: inputs.version != ''
              run: |
                  echo "config-args=--nightly '${{ inputs.version }}'" >> $GITHUB_OUTPUT

            - name: Generate debian files and arguments
              id: debian
              run: |
                  if [ -f changelog.Debian ]; then
                      echo "config-args=--deb-changelog changelog.Debian" >> $GITHUB_OUTPUT
                  fi

                  cp "$DIR/control.template" debcontrol
                  VERSION=${INPUT_VERSION:-$(cat package.json | jq -r .version)}
                  echo "Version: $VERSION" >> debcontrol
              env:
                  DIR: ${{ inputs.config }}
                  INPUT_VERSION: ${{ inputs.version }}

            - name: Build App
              run: |
                  npx ts-node scripts/generate-builder-config.ts \
                      ${{ steps.nightly.outputs.config-args }} \
                      ${{ steps.debian.outputs.config-args }} \
                      --deb-custom-control=debcontrol
                  yarn build --publish never -l --config electron-builder.json

            - name: Upload Artifacts
              uses: actions/upload-artifact@v3
              with:
                  name: linux-sqlcipher-${{ inputs.sqlcipher }}
                  path: dist
                  retention-days: 1