name: Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

concurrency:
  group: release-${{ github.ref }}
  cancel-in-progress: false

permissions:
  contents: write

jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'

      - name: Install cross-compilation toolchains
        run: |
          sudo apt-get update
          sudo apt-get install -y gcc-mingw-w64-x86-64 gcc-aarch64-linux-gnu

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          distribution: goreleaser
          version: '~> v2'
          args: >
            release --clean
            ${{ github.repository != 'steveyegge/gastown' && '--skip=publish --skip=announce' || '' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  publish-npm:
    runs-on: ubuntu-latest
    needs: goreleaser
    if: ${{ github.repository == 'steveyegge/gastown' }}
    permissions:
      contents: read
      id-token: write  # Required for npm provenance/trusted publishing
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          registry-url: 'https://registry.npmjs.org'

      - name: Update npm for OIDC trusted publishing
        run: npm install -g npm@latest  # Requires npm >= 11.5.1 for trusted publishing

      - name: Publish to npm
        run: |
          cd npm-package
          npm publish --access public
          # Uses OIDC trusted publishing - no token needed
          # Provenance attestations are automatic with trusted publishing

  update-homebrew:
    runs-on: ubuntu-latest
    needs: goreleaser
    if: ${{ github.repository == 'steveyegge/gastown' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get release info
        id: release
        run: |
          TAG="${GITHUB_REF#refs/tags/}"
          echo "tag=${TAG}" >> $GITHUB_OUTPUT
          echo "version=${TAG#v}" >> $GITHUB_OUTPUT

      - name: Download checksums
        run: |
          curl -sL "https://github.com/steveyegge/gastown/releases/download/${{ steps.release.outputs.tag }}/checksums.txt" -o checksums.txt

      - name: Extract checksums
        id: checksums
        run: |
          echo "darwin_amd64=$(grep 'darwin_amd64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
          echo "darwin_arm64=$(grep 'darwin_arm64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
          echo "linux_amd64=$(grep 'linux_amd64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT
          echo "linux_arm64=$(grep 'linux_arm64.tar.gz' checksums.txt | awk '{print $1}')" >> $GITHUB_OUTPUT

      - name: Update Homebrew formula
        run: |
          mkdir -p Formula
          cat > Formula/gt.rb <<'EOF'
          class Gt < Formula
            desc "Gas Town CLI - multi-agent workspace manager"
            homepage "https://github.com/steveyegge/gastown"
            version "${{ steps.release.outputs.version }}"
            license "MIT"

            on_macos do
              if Hardware::CPU.arm?
                url "https://github.com/steveyegge/gastown/releases/download/v#{version}/gastown_#{version}_darwin_arm64.tar.gz"
                sha256 "${{ steps.checksums.outputs.darwin_arm64 }}"
              else
                url "https://github.com/steveyegge/gastown/releases/download/v#{version}/gastown_#{version}_darwin_amd64.tar.gz"
                sha256 "${{ steps.checksums.outputs.darwin_amd64 }}"
              end
            end

            on_linux do
              if Hardware::CPU.arm? && Hardware::CPU.is_64_bit?
                url "https://github.com/steveyegge/gastown/releases/download/v#{version}/gastown_#{version}_linux_arm64.tar.gz"
                sha256 "${{ steps.checksums.outputs.linux_arm64 }}"
              else
                url "https://github.com/steveyegge/gastown/releases/download/v#{version}/gastown_#{version}_linux_amd64.tar.gz"
                sha256 "${{ steps.checksums.outputs.linux_amd64 }}"
              end
            end

            def install
              bin.install "gt"
            end

            test do
              system "#{bin}/gt", "version"
            end
          end
          EOF

      - name: Push to homebrew-gastown
        env:
          HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
        run: |
          if [ -z "$HOMEBREW_TAP_TOKEN" ]; then
            echo "::warning::HOMEBREW_TAP_TOKEN not set - skipping Homebrew update"
            echo "To enable automatic Homebrew updates:"
            echo "1. Create a Personal Access Token with 'repo' scope"
            echo "2. Add it as HOMEBREW_TAP_TOKEN in repository secrets"
            exit 0
          fi

          git clone "https://x-access-token:${HOMEBREW_TAP_TOKEN}@github.com/steveyegge/homebrew-gastown.git" tap
          cp Formula/gt.rb tap/Formula/gt.rb
          cd tap
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add Formula/gt.rb
          git commit -m "Update gt to ${{ steps.release.outputs.version }}"
          git push