name: macos_build

on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *'
  push:
  pull_request:
    branches: [ master ]

jobs:
  build:
    runs-on: macOS-latest
    env:
      OS_NAME: "osx"
      VSCODE_ARCH: "x64"
    steps:
      - uses: actions/checkout@v2
        
      - name: Setup Node.js environment
        uses: actions/setup-node@v1
        with:
          node-version: 12.14.1
          
      - name: Check PR or cron
        run: |
          . check_cron_or_pr.sh

      - name: Clone VSCode repo
        run: |
          . get_repo.sh

      - name: Check existing VSCodium tags/releases
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          . check_tags.sh
        if: env.SHOULD_DEPLOY == 'yes'

      - name: Compute cache key
        id: yarnCacheKey
        run: echo "::set-output name=value::$(node build/azure-pipelines/computeYarnCacheKey.js)"
        if: env.SHOULD_BUILD == 'yes'

      - name: Get yarn cache directory path
        id: yarnCacheDirPath
        run: echo "::set-output name=dir::$(yarn cache dir)"
        if: env.SHOULD_BUILD == 'yes'

      - name: Cache yarn directory
        uses: actions/cache@v2
        with:
          path: ${{ steps.yarnCacheDirPath.outputs.dir }}
          key: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-${{ steps.yarnCacheKey.outputs.value }}
          restore-keys: ${{ env.OS_NAME }}-${{ env.VSCODE_ARCH }}-yarnCacheDir-
        if: env.SHOULD_BUILD == 'yes'

      - name: Build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: ./build.sh
        if: env.SHOULD_BUILD == 'yes'

      - name: Sign binary
        env:
          CERTIFICATE_OSX_P12: ${{ secrets.CERTIFICATE_OSX_P12 }}
          CERTIFICATE_OSX_PASSWORD: ${{ secrets.CERTIFICATE_OSX_PASSWORD }}
          CERTIFICATE_OSX_ID: ${{ secrets.CERTIFICATE_OSX_ID }}
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
        run: |
          if [ -d "VSCode-darwin-${VSCODE_ARCH}" ]; then # just in case the build failed
            cd "VSCode-darwin-${VSCODE_ARCH}"
            export CERTIFICATE_P12=VSCodium.p12
            echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12
            export KEYCHAIN=build.keychain
            security create-keychain -p mysecretpassword $KEYCHAIN
            security default-keychain -s $KEYCHAIN
            security unlock-keychain -p mysecretpassword $KEYCHAIN
            security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign
            security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN
            codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app
          fi

      - name: Zip release
        run: |
          cd "VSCode-darwin-${VSCODE_ARCH}"
          zip -r -X -y ../VSCodium-darwin-${VSCODE_ARCH}-${LATEST_MS_TAG}.zip ./*.app
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: DMG the release
        run: |
          pushd "VSCode-darwin-${VSCODE_ARCH}"
          npx create-dmg VSCodium.app ..
          mv "../VSCodium ${LATEST_MS_TAG}.dmg" "../VSCodium.${VSCODE_ARCH}.${LATEST_MS_TAG}.dmg"
          popd
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'

      - name: Generate shasums
        run: ./sum.sh
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
      
      - name: Release
        uses: softprops/action-gh-release@v1
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
        with:
          tag_name: ${{ env.LATEST_MS_TAG }}
          files: |
            ./*.zip
            ./*.dmg
            ./*.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Update versions repo
        if: env.SHOULD_BUILD == 'yes' && env.SHOULD_DEPLOY == 'yes'
        run: ./update_version.sh
        env:
          GITHUB_TOKEN: ${{ secrets.STRONGER_GITHUB_TOKEN }}
          GITHUB_USERNAME: ${{ github.repository_owner }}