---
name: Release

on:
  workflow_dispatch:
    inputs:
      release_type:
        description: 'Release Options'
        required: true
        default: 'Initial Release'
        type: choice
        options:
          - Initial Release
          - Redeploy

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-20.04
    outputs:
      release_version: ${{ steps.version.outputs.package }}
      tag_version: ${{ steps.version.outputs.tag }}
      branch-name: ${{ steps.branch.outputs.branch-name }}
    steps:
      - name: Branch check
        run: |
          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix" ]]; then
            echo "==================================="
            echo "[!] Can only release from the 'rc' or 'hotfix' branches"
            echo "==================================="
            exit 1
          fi

      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # 2.3.4

      - name: Check Release Version
        id: version
        run: |
          version=$( jq -r ".version" package.json)
          previous_release_tag_version=$(
            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
          )

          if [ "v$version" == "$previous_release_tag_version" ] && \
          [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then
            echo "[!] Already released v$version. Please bump version to continue"
            exit 1
          fi

          echo "::set-output name=package::$version"
          echo "::set-output name=tag::v$version"

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
          echo "::set-output name=branch-name::$BRANCH_NAME"

  self-host:
    name: Release self-host docker
    runs-on: ubuntu-20.04
    needs: setup
    env:
      _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
    steps:
      - name: Print environment
        run: |
          whoami
          docker --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

      - name: Setup DCT
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
          azure-keyvault-name: "bitwarden-prod-kv"

      - name: Checkout repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

      - name: Pull latest selfhost image
        run: docker pull bitwarden/web:$_BRANCH_NAME

      - name: Tag version and latest
        run: |
          docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
          docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:latest

      - name: List Docker images
        run: docker images

      - name: Push version and latest image
        env:
          DOCKER_CONTENT_TRUST: 1
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
        run: |
          docker push bitwarden/web:$_RELEASE_VERSION
          docker push bitwarden/web:latest

      - name: Log out of Docker
        run: docker logout

  ghpages-deploy:
    name: Deploy Web Vault
    runs-on: ubuntu-20.04
    needs:
      - setup
      - self-host
    env:
      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
        with:
          ref: gh-pages

      - name: Create deploy branch
        run: |
          git switch -c deploy-$_TAG_VERSION
          git push -u origin deploy-$_TAG_VERSION

      - name: Checkout Repo
        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4

      - name: Setup git config
        run: |
          git config user.name = "GitHub Action Bot"
          git config user.email = "<>"
          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
          git config --global url."https://".insteadOf ssh://

      - name: Download latest cloud asset
        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.setup.outputs.branch-name }}
          artifacts: web-*-cloud-COMMERCIAL.zip

      # This should result in a build directory in the current working directory
      - name: Unzip build asset
        run: unzip web-*-cloud-COMMERCIAL.zip

      - name: Deploy GitHub Pages
        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          target_branch: deploy-${{ needs.setup.outputs.tag_version }}
          build_dir: build
          keep_history: true
          commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"

      - name: Create Deploy PR
        env:
          PR_BRANCH: deploy-${{ env._TAG_VERSION }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr create --title "Deploy $_RELEASE_VERSION" \
            --body "Deploying $_RELEASE_VERSION" \
            --base gh-pages \
            --head "$PR_BRANCH"

  release:
    name: Create GitHub Release
    runs-on: ubuntu-20.04
    needs:
      - setup
      - self-host
      - ghpages-deploy
    steps:
      - name: Download latest build artifacts
        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
          workflow: build.yml
          workflow_conclusion: success
          branch: ${{ needs.setup.outputs.branch-name }}
          artifacts: "web-*-selfhosted-COMMERCIAL.zip,
            web-*-selfhosted-open-source.zip"

      - name: Rename assets
        run: |
          mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip
          mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip

      - name: Create release
        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
        with:
          name: "Version ${{ needs.setup.outputs.release_version }}"
          commit: ${{ github.sha }}
          tag: "${{ needs.setup.outputs.tag_version }}"
          body: "<insert release notes here>"
          artifacts: "web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip,
            web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true