# Copyright © Michal Čihař <michal@weblate.org>
#
# SPDX-License-Identifier: GPL-3.0-or-later

name: Distribution

on:
  push:
    branches-ignore:
    - deepsource-fix-**
    - renovate/**
    - weblate
    tags:
    - weblate-*
  pull_request:

permissions:
  contents: read

jobs:
  dist:
    runs-on: ubuntu-24.04
    name: Build packages
    env:
      PYTHONUNBUFFERED: 1
      PYTHONWARNINGS: default,ignore:unclosed:ResourceWarning
    permissions:
      # Needed for Sigstore
      id-token: write
      # Needed for attestations
      attestations: write
    steps:
    - uses: actions/checkout@v4
    - uses: astral-sh/setup-uv@v5
    - name: Setup Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.13'
    - name: build
      run: |
        echo "::add-matcher::.github/matchers/setuptools.json"
        uv build
        echo "::remove-matcher owner=setuptools::"
    - name: Sign the dists with Sigstore
      if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
      uses: sigstore/gh-action-sigstore-python@v3.0.0
      with:
        inputs: dist/*
    - name: Attest
      if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
      uses: actions/attest-build-provenance@v2
      with:
        subject-path: dist/*
    - uses: actions/upload-artifact@v4
      with:
        path: dist/*
        name: dist

  lint:
    runs-on: ubuntu-24.04
    name: Lint packages
    env:
      PYTHONUNBUFFERED: 1
    needs:
    - dist
    steps:
    - uses: actions/checkout@v4
    - name: Install apt dependencies
      run: sudo ./ci/apt-install
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.13'
    - uses: astral-sh/setup-uv@v5
      with:
        enable-cache: true
        cache-dependency-glob: ''
        cache-suffix: '3.13'
    - uses: actions/download-artifact@v4
    - name: Cleanup dist
      # Remove files not supported on PyPI (eg. Sigstore signatures)
      run: find dist -mindepth 1 -not -name '*.tar.gz' -not -name '*.whl' -delete
    - name: list wheel
      run: unzip -l dist/*.whl
    - name: list sdist
      run: tar tvf dist/*.tar.gz
    - name: twine check
      run: uvx twine check --strict dist/*
    - name: pydistcheck
      run: uvx pydistcheck --inspect dist/*
    - name: pyroma
      run: uvx pyroma dist/*.tar.gz
    - name: check-wheel-contents
      run: uvx check-wheel-contents dist/*.whl
    - name: check-manifest
      run: uvx check-manifest -v
    - name: install
      run: |
        uv venv .venv-install
        source .venv-install/bin/activate
        uv pip install dist/*.whl

  notes:
    runs-on: ubuntu-24.04
    name: Build release notes
    steps:
    - uses: actions/checkout@v4
    - uses: astral-sh/setup-uv@v5
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.13'
    - name: Install apt dependencies
      run: |
        sudo apt update
        sudo apt install -y graphviz pandoc
    - name: Install Python dependencies
      run: uv sync --no-sources --only-group docs --frozen
    - name: Sphinx build
      run: |
        . .venv/bin/activate
        ./ci/run-docs
    - name: Convert release notes
      run: |
        version=$(sed -n '/^VERSION =/ s/.*"\(.*\)"/\1/p' weblate/utils/version.py)
        namever="weblate-$version"
        sed "s/latest/$namever/" < scripts/release-notes-filter.lua > scripts/release-notes-filter.version.lua
        mkdir dist
        ./scripts/extract-release-notes > "dist/Weblate-$version.html"
        pandoc "dist/Weblate-$version.html" --write=gfm --wrap=none --lua-filter=scripts/release-notes-filter.version.lua -o "dist/Weblate-$version.md"
        rm scripts/release-notes-filter.version.lua
    - uses: actions/upload-artifact@v4
      with:
        path: dist/*
        name: notes

  publish_pypi:
    name: Publish to PyPI
    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
    permissions:
      # this permission is mandatory for trusted publishing
      id-token: write
    needs:
    - notes
    - dist
    - lint
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/download-artifact@v4
    - name: Cleanup dist
      # Remove files not supported on PyPI (eg. Sigstore signatures)
      run: find dist -mindepth 1 -not -name '*.tar.gz' -not -name '*.whl' -delete
    - uses: astral-sh/setup-uv@v5
    - run: uv publish --trusted-publishing always

  publish_github:
    name: Publish to GitHub
    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/weblate')
    permissions:
      # this permission is mandatory for creating a release
      contents: write
    needs:
    - notes
    - dist
    - lint
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/download-artifact@v4
    - name: Extract notes body
      run: tail -n+3 notes/Weblate-*.md > notes.md
    - name: Extract notes title
      id: get-name
      run: echo name=$(head -n1 notes/Weblate-*.md)  > "$GITHUB_OUTPUT"
    - uses: ncipollo/release-action@v1
      with:
        artifacts: dist/*
        bodyFile: notes.md
        name: ${{ steps.get-name.outputs.name }}