lidm/.github/workflows/make-release.yml

name: Make Release

on:
  workflow_dispatch:

jobs:
  release-checks:
    name: Release Checks
    runs-on: ubuntu-24.04
    permissions: write-all
    outputs:
      VERSION: ${{ steps.check-ver-changed.outputs.VERSION }}
    steps:
      - uses: awalsh128/cache-apt-pkgs-action@latest
        with:
          packages: "git"
          version: 1.0
      - uses: actions/checkout@v6
        with:
          fetch-tags: true

      - name: Check Version Changed
        id: check-ver-changed
        run: |
          GIT_TAG=$(git describe --no-long --abbrev=0 --tags --always)
          MAKE_TAG=$(make print-version)

          if [[ "$GIT_TAG" == "v$MAKE_TAG" ]]; then
            echo "ERR: Git tag matches makefile, did you bump Makefile up?" >&2
            exit 1
          fi

          echo "VERSION=$MAKE_TAG" >> "$GITHUB_OUTPUT"


  check:
    name: Check
    needs: release-checks
    uses: ./.github/workflows/check.yml
    permissions: write-all

  build:
    name: Build
    needs: release-checks
    uses: ./.github/workflows/build.yml
    permissions: write-all

  release:
    name: Make Release v${{ needs.release-checks.outputs.VERSION }}
    runs-on: ubuntu-24.04
    permissions: write-all
    needs: [ release-checks, check, build ]
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: builds
          pattern: build-*
          merge-multiple: true

      - uses: ncipollo/release-action@v1
        with:
          tag: v${{ needs.release-checks.outputs.VERSION }}
          commit: ${{ github.sha }}
          artifacts: builds/lidm-*
          artifactErrorsFailBuild: true
          body: Release notes not generated yet.

  nix-update:
    name: Update NixOS module
    runs-on: ubuntu-24.04
    permissions: write-all
    needs: [ release-checks, release ]
    steps:
      - uses: cachix/install-nix-action@v31
      - uses: actions/checkout@v6
        with:
          fetch-tags: true

      - run: |
          tmpdir=$(mktemp -d)
          git archive v${{ needs.release-checks.outputs.VERSION }} | tar -xC "$tmpdir"
          sha256sum=$(nix hash path "$tmpdir")

          sed -i -E 's/(.*version\s*=\s*")[0-9.]*(".*)/\1'${{ needs.release-checks.outputs.VERSION }}'\2/' assets/pkg/nix/module.nix
          sed -i -E 's|(.*sha256\s*=\s*")[^"]*(".*)|\1'"$sha256sum"'\2|' assets/pkg/nix/module.nix
        # would be cool to be able to check the new module.nix builds

      - run: |
          BRANCH=actions/update-nix-${{ needs.release-checks.outputs.VERSION }}
          git config --global --add safe.directory $GITHUB_WORKSPACE
          git config user.name "GitHub Actions"
          git config user.email "actions@github.com"
          git checkout -b $BRANCH
          git commit -am "Update NixOS module to v${{ needs.release-checks.outputs.VERSION }}"
          git push -u origin $BRANCH
          gh pr create --head $BRANCH \
            --title "[Nix update]: Bump to ${{ needs.release-checks.outputs.VERSION }}" \
            --body "*This PR was created automatically*"
        env:
          GH_TOKEN: ${{ github.token }}