.github/workflows/release.yml

name: Release

on:
  push:
    branches:
      - "!*"
    tags:
      - '[0-9].[0-9]+.[0-9]+'

jobs:

  sign-pack-upload:

    runs-on: macos-12

    steps:

    - uses: actions/checkout@v2
      with:
        submodules: true

    # get copy of Mail.app since it's missing from the GitHub Actions runner images
    - name: checkout Mail.app
      uses: actions/checkout@v2
      with:
        repository: apparition47/Mail.app
        path: mail-app

    - uses: apple-actions/import-codesign-certs@v1
      with:
        p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
        p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}

    - name: build and package
      run: |
        make unsigntool
        xcodebuild \
          -project MailTrackerBlocker.xcodeproj \
          -target MailTrackerBlocker \
          BUNDLE_LOADER=mail-app/14.0/Mail.app/Contents/MacOS/Mail \
          build
        make pack

    - name: notarize and staple
      env:
        AC_USERNAME: ${{ secrets.AC_USERNAME }}
        AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
        AC_TEAMID: CW298N32P4
      run: |
        xcrun notarytool submit build/Release/MailTrackerBlocker.pkg \
          --apple-id "$AC_USERNAME" \
          --team-id "$AC_TEAMID" \
          --password "$AC_PASSWORD" \
          --wait
        xcrun stapler staple build/Release/MailTrackerBlocker.pkg

    - name: generate release log
      run: |
        CURRENT_TAG=${GITHUB_REF#refs/tags/}
        awk -v ver=$CURRENT_TAG '
         /^#+ \[/ { if (p) { exit }; if ($2 == "["ver"]") { p=1; next} } p && NF
        ' CHANGELOG.md > build/releaselog.md
    - name: create release
      id: create_release
      uses: actions/create-release@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        tag_name: ${{ github.ref }}
        release_name: ${{ github.ref }} Release
        body_path: ./build/releaselog.md
        draft: false
        prerelease: false

    - name: upload release asset pkg
      id: upload-pkg
      uses: actions/upload-release-asset@v1.0.2
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      with:
        upload_url: ${{ steps.create_release.outputs.upload_url }}
        asset_path: ./build/Release/MailTrackerBlocker.pkg
        asset_name: MailTrackerBlocker.pkg
        asset_content_type: application/x-newton-compatible-pkg 

    - name: Checkout private Homebrew tap
      uses: actions/checkout@v2
      with:
        repository: apparition47/homebrew-tap
        path: apparition47-homebrew-tap
        token: ${{ secrets.REPO_PAT }} # repo scope

    - name: Branch name
      id: branch_name
      run: |
        echo ::set-output name=SOURCE_NAME::${GITHUB_REF#refs/*/}
        echo ::set-output name=SOURCE_BRANCH::${GITHUB_REF#refs/heads/}
        echo ::set-output name=SOURCE_TAG::${GITHUB_REF#refs/tags/}

    - name: Update cask in Homebrew tap
      run: |
        CASK_NAME=mailtrackerblocker
        CASK_VERSION=${{ steps.branch_name.outputs.SOURCE_TAG }}
        CASK_SHA256=$(shasum --algorithm 256 "build/Release/MailTrackerBlocker.pkg" | awk '{print $1}')

        brew update
        brew bump-cask-pr --no-browse --sha256 ${CASK_SHA256} --version ${CASK_VERSION} --no-audit --no-style ${CASK_NAME}

        cd apparition47-homebrew-tap
        git config --local user.name "${USER_NAME}"
        git config --local user.email "${USER_NAME}@users.noreply.github.com"
        sed -i '' "s/\( *version *\"\)\([^\"]*\)\"/\1${CASK_VERSION}\"/" Casks/${CASK_NAME}.rb
        sed -i '' "s/\( *sha256 *\"\)\([^\"]*\)\"/\1${CASK_SHA256}\"/" Casks/${CASK_NAME}.rb
        git add Casks/${CASK_NAME}.rb
        git commit -m "update ${CASK_NAME} to v${CASK_VERSION}"
        git push origin
      env:
        HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }} # repo:public_repo, workflow scope
        USER_NAME: ${{ github.event.sender.login }}