# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

name: build KCC for mac os

on:
  workflow_dispatch:
  push:
    tags:
      - "v*.*.*"

    # Don't trigger if it's just a documentation update
    paths-ignore:
      - '**.md'
      - '**.MD'
      - '**.yml'
      - '**.sh'
      - 'docs/**'
      - 'Dockerfile'
      - 'LICENSE'
      - '.gitattributes'
      - '.gitignore'
      - '.dockerignore'

jobs:
  build:
    strategy:
      matrix:
        os: [ macos-15-intel, macos-14 ]
    runs-on: ${{ matrix.os }}
    env:
      MACOSX_DEPLOYMENT_TARGET: '12'
    steps:
      - uses: actions/checkout@v6
      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: 3.11
          cache: 'pip'
      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip setuptools wheel pyinstaller certifi
          pip install -r requirements.txt
      - name: Install the Apple certificate and provisioning profile
#        TODO signing
#        https://federicoterzi.com/blog/automatic-code-signing-and-notarization-for-macos-apps-using-github-actions/
        if: ${{ false }}
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          
          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
          
          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          
          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH
          
          # apply provisioning profile
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
      - uses: actions/setup-node@v6
        with:
          node-version: 16
      - run: npm install -g appdmg
      - name: build binary
#        TODO /usr/bin/codesign --force -s "$MACOS_CERTIFICATE_NAME" --options runtime dist/Applications/Kindle\ Comic\ Converter.app -v
        run: |
          python setup.py build_binary
      - name: upload build
        uses: actions/upload-artifact@v5
        with:
          name: mac-os-build-${{ runner.arch }}
          path: dist/*.dmg
      - name: Release
        uses: softprops/action-gh-release@v2
        if: startsWith(github.ref, 'refs/tags/')
        with:
          prerelease: true
          generate_release_notes: true
          files: |
            dist/*.dmg
      - name: Clean up keychain and provisioning profile
#        TODO signing
        if: ${{ false }}
#        if: ${{ always() }}
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
          rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision