---

name: Build release

on:  # yamllint disable-line rule:truthy
  push:
    tags:
      - '*'
  workflow_dispatch:

jobs:
  build:
    name: Build release
    runs-on: [ubuntu-latest]
    strategy:
      fail-fast: false
      matrix:
        version: ['slim', 'full']

    steps:
      - name: Setup PHP, with composer and extensions
        id: setup-php
        # https://github.com/shivammathur/setup-php
        uses: shivammathur/setup-php@v2
        with:
          # Should match the minimum required version for SimpleSAMLphp
          php-version: '8.0'
          tools: composer:v2, phive
          extensions: mbstring, xml
          coverage: none

      - name: Setup problem matchers for PHP
        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"

      - uses: actions/checkout@v4

      # Store the version, stripping any v-prefix
      - name: Write release version
        run: |
          TAG="${{ github.ref_name }}"
          echo "VERSION=${TAG}" >> "$GITHUB_ENV"
          echo "COMPOSER_VERSION=$(composer config version)" >> "$GITHUB_ENV"

      - name: Validate composer.json and composer.lock
        run: composer validate

      - name: Make sure a version is set in composer.json that matches the tag
        if: "${{ env.COMPOSER_VERSION != env.VERSION }}"
        run: exit 1

      - name: Install Composer dependencies
        run: composer install --no-progress --no-dev --prefer-dist --optimize-autoloader

      - name: Install SimpleSAMLphp modules
        env:
          FILE: ".github/build/${{ matrix.version }}.json"
        run: |
          for k in $(jq '.modules | keys | .[]' "$FILE"); do
            module=$(jq -r ".modules[$k]" "$FILE");
            if [ -n "$module" ];
            then
              repository=$(jq -r '.repository' <<< "$module");
              v=$(jq -r '.version' <<< "$module");

              composer require "$repository:$v" --update-no-dev --ignore-platform-reqs
            fi
          done

      - name: Add composer.phar to the release
        run: phive --no-progress install --trust-gpg-keys CBB3D576F2A0946F --copy --target ./bin composer

      - name: Clean release
        run: |
          grep export-ignore .gitattributes | cut -d ' ' -f 1 | while IFS= read -r line
          do
            rm -rf "$line"
          done
          rm -rf .git

      - name: Build tarball
        run: |
          cd ..
          cp -R  simplesamlphp "simplesamlphp-$VERSION"
          TARGET="/tmp/simplesamlphp-$VERSION-${{ matrix.version }}.tar.gz"
          # remove -slim from the filename for our minimalistic build
          TARGET=${TARGET/-slim/}
          echo "VERSION=$TARGET" >> "$GITHUB_ENV"
          tar --owner 0 --group 0 -cvzf "$TARGET" "simplesamlphp-$VERSION"
          rm -rf "simplesamlphp-$VERSION"

      - name: Save tarball
        uses: actions/upload-artifact@v3
        with:
          name: release-${{ matrix.version }}
          path: "$TARGET"
          retention-days: 1

      - name: Calculate SHA checksum (${{ matrix.version }})
        run: sha256sum "$TARGET"