# This workflow publishes one or more modules to Maven Central when a version tag is pushed
# to the main branch.
#
# Supported tag formats:
#   <module>/v<version>              — publish a single module    (e.g. tuple/v3.3.1)
#   <module>+<module>/v<version>     — publish multiple modules   (e.g. tuple+crypto-toolbox/v3.3.1)
#   v<version>                       — publish all modules        (e.g. v3.4.0)
#
# Valid module names: common-toolbox, tuple, identity-generator, crypto-toolbox, math-toolbox, version-catalogue

name: Publish Packages to Maven Central

on:
  push:
    tags:
      - 'v[0-9]*.[0-9]*.[0-9]*'
      - '*/v[0-9]*.[0-9]*.[0-9]*'

jobs:
  publish:
    name: Build and Publish
    runs-on: self-hosted
    permissions:
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0

      - name: Verify Tag is on Main Branch
        run: |
          if ! git merge-base --is-ancestor HEAD origin/main; then
            echo "::error::Tag ${{ github.ref_name }} does not point to a commit on the main branch"
            echo "Tags must be pushed after the commit is merged to main."
            exit 1
          fi
          echo "✓ Tag ${{ github.ref_name }} is on main"

      - name: Parse Tag
        id: parse-tag
        run: |
          declare -A MODULE_PROPS=(
            ["common-toolbox"]="commonToolboxVersion"
            ["tuple"]="tupleVersion"
            ["identity-generator"]="identityGeneratorVersion"
            ["crypto-toolbox"]="cryptoToolboxVersion"
            ["math-toolbox"]="mathToolboxVersion"
            ["version-catalogue"]="versionCatalogueVersion"
          )

          TAG="${{ github.ref_name }}"
          echo "Tag: ${TAG}"

          # <module>[+<module>...]/v<version> — one or more specific modules
          if [[ "${TAG}" =~ ^([a-z][a-z0-9-]+(\+[a-z][a-z0-9-]+)*)/v?([0-9]+\.[0-9]+\.[0-9]+.*)$ ]]; then
            IFS='+' read -ra MODULES <<< "${BASH_REMATCH[1]}"
            VERSION="${BASH_REMATCH[3]}"

          # v<version> — all modules
          else
            MODULES=("common-toolbox" "tuple" "identity-generator" "crypto-toolbox" "math-toolbox" "version-catalogue")
            VERSION="${TAG#v}"
          fi

          # Validate all modules
          for m in "${MODULES[@]}"; do
            if [ -z "${MODULE_PROPS[$m]}" ]; then
              echo "::error::Unknown module: ${m}"
              echo "Valid modules: ${!MODULE_PROPS[*]}"
              exit 1
            fi
          done

          echo "version=${VERSION}"  >> $GITHUB_OUTPUT
          echo "count=${#MODULES[@]}" >> $GITHUB_OUTPUT

          for m in "${MODULES[@]}"; do
            echo "→ ${m} @ ${VERSION}"
          done

          # Store module list as a multi-line output
          {
            echo "modules<<MODULES_EOF"
            printf '%s\n' "${MODULES[@]}"
            echo "MODULES_EOF"
          } >> $GITHUB_OUTPUT

          # Store property mappings
          {
            echo "props<<PROPS_EOF"
            for m in "${MODULES[@]}"; do
              echo "${m}=${MODULE_PROPS[$m]}"
            done
            echo "PROPS_EOF"
          } >> $GITHUB_OUTPUT

      - name: Setup GPG TTY
        run: export GPG_TTY=$(tty)

      - name: Import PGP Private Key
        uses: crazy-max/ghaction-import-gpg@v6.3.0
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          trust_level: 5

      - name: Creating PGP Ring Key
        run: |
          mkdir -p ~/.gnupg
          echo ${{ secrets.GPG_PASSPHRASE }} | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --export-secret-keys -o ~/.gnupg/gpg_key.ring

      - name: Restore gradle.properties
        env:
          GRADLE_PROPERTIES: ${{ secrets.GRADLE_PROPERTIES }}
        shell: bash
        run: |
          mkdir -p ~/.gradle/
          echo "GRADLE_USER_HOME=${HOME}/.gradle" >> $GITHUB_ENV
          echo "${GRADLE_PROPERTIES}" > ~/.gradle/gradle.properties

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: "17"
          distribution: "corretto"

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4.4.1

      - name: Grant Execution Authority to Gradlew
        run: chmod +x ./gradlew

      - name: Build with Gradle
        env:
          MODULES: ${{ steps.parse-tag.outputs.modules }}
          PROPS: ${{ steps.parse-tag.outputs.props }}
          VERSION: ${{ steps.parse-tag.outputs.version }}
        run: |
          declare -A MODULE_PROPS
          while IFS='=' read -r key value; do
            MODULE_PROPS[$key]="$value"
          done <<< "$PROPS"

          while IFS= read -r MODULE; do
            echo "::group::Building ${MODULE}"
            PROP="${MODULE_PROPS[$MODULE]}"
            ./gradlew ":${MODULE}:build" "-P${PROP}=${VERSION}"
            echo "::endgroup::"
          done <<< "$MODULES"

      - name: List Output Items
        run: ls -l ./**/build/libs

      - name: Publish to Maven Central
        env:
          MODULES: ${{ steps.parse-tag.outputs.modules }}
          PROPS: ${{ steps.parse-tag.outputs.props }}
          VERSION: ${{ steps.parse-tag.outputs.version }}
        run: |
          declare -A MODULE_PROPS
          while IFS='=' read -r key value; do
            MODULE_PROPS[$key]="$value"
          done <<< "$PROPS"

          while IFS= read -r MODULE; do
            echo "::group::Publishing ${MODULE}"
            PROP="${MODULE_PROPS[$MODULE]}"
            ./gradlew ":${MODULE}:publish" "-P${PROP}=${VERSION}"
            echo "::endgroup::"
          done <<< "$MODULES"

      - name: Create Deployment on Central Publisher Portal
        run: |
          curl --fail -X 'POST' \
            'https://ossrh-staging-api.central.sonatype.com/manual/upload/defaultRepository/com.onixbyte?publishing_type=user_managed' \
            -H 'accept: */*' \
            -H 'Authorization: Bearer ${{ secrets.MAVEN_PORTAL_TOKEN }}' \
            -d ''