.github/workflows/_reusable_app_release.yml

on:
  workflow_call:
    inputs:
      fastlane_action:
        required: true
        type: string
      is_cloud_build:
        type: boolean
        default: true
      countly_enabled:
        type: boolean
      datadog_enabled:
        type: boolean
        default: false
      skip_security_tests:
        type: boolean
        default: true
      distribute_externals:
        type: boolean
        default: false

    secrets:
      KEYCHAIN_PASSWORD:
        required: true
      APPSTORE_API_KEY_BASE64:
        required: true
      MATCH_PASSWORD:
        required: true
      WIRE_INTERNAL_GITHUB_USER:
        required: true
      WIRE_INTERNAL_GITHUB_TOKEN:
        required: true
      APPCENTER_API_TOKEN:
        required: true
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
      DD_API_KEY:
        required: true
      DATADOG_APP_ID:
        required: true
      DATADOG_CLIENT_TOKEN:
        required: true
      C1_S3_SUBFOLDER_RESTRICTED:
        required: true
      C1_APP_CENTER_APP_NAME_RESTRICTED:
        required: true
      C1_S3_SUBFOLDER_PRODUCTION:
        required: true
      C1_APP_CENTER_APP_NAME_PRODUCTION:
        required: true
      C3_S3_SUBFOLDER_RESTRICTED:
        required: true
      C3_APP_CENTER_APP_NAME_RESTRICTED:
        required: true
      C3_S3_SUBFOLDER_PRODUCTION:
        required: true
      C3_APP_CENTER_APP_NAME_PRODUCTION:
        required: true
      PLAYGROUND_TESTFLIGHT_LINK:
        required: true
      BETA_TESTFLIGHT_LINK:
        required: true
      COUNTLY_PRODUCTION_KEY:
        required: true
      COUNTLY_INTERNAL_KEY:
        required: true  
      SUBMODULE_PAT:
        required: true

env: # https://docs.fastlane.tools/getting-started/ios/setup/
  LC_ALL: en_US.UTF-8
  LANG: en_US.UTF-8

permissions: 
  checks: write

jobs:
  changelog:
    uses: ./.github/workflows/changelog.yml
    with:
      is_cloud_build: ${{ inputs.is_cloud_build }}
      
  build_and_release:
    needs: changelog
    runs-on: ghcr.io/cirruslabs/macos-runner:sonoma
    env:
      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
      MATCH_KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
      APPSTORE_API_KEY_BASE64: ${{ secrets.APPSTORE_API_KEY_BASE64 }}
      MATCH_PASSWORD: ${{ secrets.MATCH_PASSWORD }}
      WIRE_INTERNAL_GITHUB_USER: ${{ secrets.WIRE_INTERNAL_GITHUB_USER }}
      WIRE_INTERNAL_GITHUB_TOKEN: ${{ secrets.WIRE_INTERNAL_GITHUB_TOKEN }}
      APPCENTER_API_TOKEN: ${{ secrets.APPCENTER_API_TOKEN }}
      APPCENTER_OWNER_NAME: "Wire"
      S3_BUCKET: "z-lohika"
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
      DATADOG_API_KEY: ${{ secrets.DD_API_KEY }}
      DATADOG_APP_ID: ${{ secrets.DATADOG_APP_ID }}
      DATADOG_CLIENT_TOKEN: ${{ secrets.DATADOG_CLIENT_TOKEN }}
      ENABLE_DATADOG: ${{ inputs.datadog_enabled }}
      C1_S3_SUBFOLDER_RESTRICTED: ${{ secrets.C1_S3_SUBFOLDER_RESTRICTED }}
      C1_APP_CENTER_APP_NAME_RESTRICTED: ${{ secrets.C1_APP_CENTER_APP_NAME_RESTRICTED }}
      C1_S3_SUBFOLDER_PRODUCTION: ${{ secrets.C1_S3_SUBFOLDER_PRODUCTION }}
      C1_APP_CENTER_APP_NAME_PRODUCTION: ${{ secrets.C1_APP_CENTER_APP_NAME_PRODUCTION }}
      C2_S3_SUBFOLDER_RESTRICTED: ${{ secrets.C2_S3_SUBFOLDER_RESTRICTED }}
      C2_APP_CENTER_APP_NAME_RESTRICTED: ${{ secrets.C2_APP_CENTER_APP_NAME_RESTRICTED }}
      C2_S3_SUBFOLDER_PRODUCTION: ${{ secrets.C2_S3_SUBFOLDER_PRODUCTION }}
      C2_APP_CENTER_APP_NAME_PRODUCTION: ${{ secrets.C2_APP_CENTER_APP_NAME_PRODUCTION }}
      C3_S3_SUBFOLDER_RESTRICTED: ${{ secrets.C3_S3_SUBFOLDER_RESTRICTED }}
      C3_APP_CENTER_APP_NAME_RESTRICTED: ${{ secrets.C3_APP_CENTER_APP_NAME_RESTRICTED }}
      C3_S3_SUBFOLDER_PRODUCTION: ${{ secrets.C3_S3_SUBFOLDER_PRODUCTION }}
      C3_APP_CENTER_APP_NAME_PRODUCTION: ${{ secrets.C3_APP_CENTER_APP_NAME_PRODUCTION }}
      BETA_TESTFLIGHT_LINK: ${{ secrets.BETA_TESTFLIGHT_LINK }}
      PLAYGROUND_TESTFLIGHT_LINK: ${{ secrets.PLAYGROUND_TESTFLIGHT_LINK }}
      COUNTLY_PRODUCTION_KEY: ${{ secrets.COUNTLY_PRODUCTION_KEY }}
      COUNTLY_INTERNAL_KEY: ${{ secrets.COUNTLY_INTERNAL_KEY }}
      ENABLE_COUNTLY: ${{ inputs.countly_enabled }}
      SLACK_WEBHOOK_URL: ${{ secrets.WIRE_IOS_CI_WEBHOOK }}
      SKIP_SECURITY_TESTS: ${{ inputs.skip_security_tests }}
      SEND_TO_EXTERNALS: ${{ inputs.distribute_externals }}
      REPO_ROOT: ${{ github.workspace }}
      PACKAGES_DIR: ${{ github.workspace }}/DerivedData/CachedSwiftPackages
      
    steps:
      - name: Add Masks
        run: |
            echo "::add-mask::${{ secrets.CLIENT_NAME_C1_C2_C3 }}"
            echo "::add-mask::${{ secrets.CLIENT_ID_C1_C2_C3 }}"
      - uses: actions/checkout@v4
        with:
          lfs: 'false'
          token: ${{ secrets.SUBMODULE_PAT }}
          submodules: recursive
      - name: Download changelog     
        id: download_changelog
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.changelog.outputs.changelog-name }}    
      - name: Retrieve Xcode version
        run: |
          echo "XCODE_VERSION=$(cat .xcode-version)" >> $GITHUB_OUTPUT
        id: xcode-version
      - uses: maxim-lobanov/setup-xcode@v1.6.0
        with:
          xcode-version: ${{ steps.xcode-version.outputs.XCODE_VERSION }}
      - name: Restore Carthage Cache
        uses: actions/cache@v4
        id: cache-carthage
        with:
          path: Carthage
          key: ${{ runner.os }}-xcode${{ steps.xcode-version.outputs.XCODE_VERSION }}-carthage-${{ hashFiles('Cartfile.resolved') }}
      - name: Bootstrap Carthage if no cache
        if: steps.cache-carthage.outputs.cache-hit != 'true'
        run: ./scripts/carthage.sh bootstrap --platform ios --use-xcframeworks

         # Restore Swift Package Dependencies Cache
      - name: Restore Swift Package Dependencies Cache
        id: cache-swift-packages
        uses: actions/cache@v3
        with:
          path: ${{ env.PACKAGES_DIR }}
          key: ${{ runner.os }}-swiftpm-project-${{ hashFiles('**/*.xcworkspace/xcshareddata/swiftpm/Package.resolved') }}-${{ env.ENABLE_COUNTLY }}-${{ env.ENABLE_DATADOG }}

        # Resolve Swift Package Dependencies
      - name: Resolve Swift Package Dependencies
        run: |
          ( cd $REPO_ROOT && xcodebuild -resolvePackageDependencies -disableAutomaticPackageResolution -clonedSourcePackagesDirPath "$PACKAGES_DIR" )

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Run setup
        run: sh ./setup.sh
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
      - name: Trigger build
        run: bundle exec fastlane ${{ inputs.fastlane_action }}
        env:
          HAS_PACKAGES_CACHE_HIT: ${{ steps.cache-swift-packages.outputs.cache-hit == 'true' }}
      - name: Archiving Logs
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: build-logs (${{ github.run_id }} - ${{ github.run_attempt}})
          path: |
            /Users/runner/Library/Developer/Xcode/DerivedData/**/Logs/**
            ~/Library/Logs/DiagnosticReports/**
            build/**

      - name: Archiving env variables
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: post-build-env-${{ inputs.fastlane_action }} (${{ github.run_id }} - ${{ github.run_attempt}})
          path: |
            **/.post_build/*.env
      - name: Load .env file
        if: always()
        uses: xom9ikk/dotenv@v2.3.0
        with:
          path: fastlane/.post_build
      - uses: akiojin/decode-base64-github-action@v1.0.2
        id: base64-decoded-S3_PATHS
        with:
          base64: ${{ env.S3_PATHS }}
      - name: Notify on Wire if succeeded
        if: success()
        uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          text: "**${{ env.APP_NAME }}** (version: ${{ env.BUILD_VERSION }} build: ${{ env.BUILD_NUMBER }}) is ready to test  🚀\n**COUNTLY_ENABLED:** ${{ env.ENABLE_COUNTLY }}\n**DATADOG_ENABLED:** ${{ env.ENABLE_DATADOG }}\n**CHANGELOG:** ${{ needs.changelog.outputs.changelog-url }}\n**Tap on iOS device to install:** ${{ env.BUILD_INSTALL_LINK }}\n**AWS S3 Paths:**\n`${{ steps.base64-decoded-S3_PATHS.outputs.decoded }}`\n**Triggered by:** ${{ github.triggering_actor }}\n**Build log:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n"
      - name: Notify on Wire if failed
        if: failure()
        uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          text: "🆘 Build **${{ env.APP_NAME }}** (version: ${{ env.BUILD_VERSION }} build: ${{ env.BUILD_NUMBER }}) failed 🆘\n**Triggered by:** ${{ github.triggering_actor }}\n**Build log:** ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n"