name: Create Release

# Manually triggered from the GitHub UI (Actions → Create Release → Run workflow)
on:
  workflow_dispatch:
    inputs:
      version:
        description: 'Version tag (e.g. v1.0.0)'
        required: true
        type: string
      release_notes:
        description: 'Release notes / description (optional)'
        required: false
        type: string
        default: ''

jobs:
  release:
    name: Build & Publish Release
    runs-on: ubuntu-latest
    # Needed to create tags, releases, and upload assets
    permissions:
      contents: write

    steps:
      # ──────────────────────────────────────────────
      # 1. Checkout Panel-stable with full history so
      #    we can inspect branches and create tags.
      # ──────────────────────────────────────────────
      - name: Checkout Panel-stable
        uses: actions/checkout@v4
        with:
          ref: Panel-stable
          fetch-depth: 0

      # ──────────────────────────────────────────────
      # 2. Safety: abort if the tag already exists to
      #    prevent accidental overwrites.
      # ──────────────────────────────────────────────
      - name: Check that tag does not already exist
        run: |
          VERSION="${{ github.event.inputs.version }}"
          echo "Checking for existing tag: ${VERSION}"
          if git ls-remote --tags origin "refs/tags/${VERSION}" | grep -q "${VERSION}"; then
            echo "::error::Tag '${VERSION}' already exists on origin. Aborting."
            exit 1
          fi
          echo "Tag '${VERSION}' does not exist yet — safe to proceed."

      # ──────────────────────────────────────────────
      # 3. Create the annotated git tag on Panel-stable
      #    and push it to origin.
      # ──────────────────────────────────────────────
      - name: Create and push git tag
        run: |
          VERSION="${{ github.event.inputs.version }}"
          git config user.name  "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git tag -a "${VERSION}" -m "Release ${VERSION}"
          git push origin "${VERSION}"
          echo "Tag '${VERSION}' pushed to origin."

      # ──────────────────────────────────────────────
      # 4. Build the release ZIP, excluding files that
      #    should never ship (secrets, dev artifacts,
      #    version-control metadata, etc.).
      # ──────────────────────────────────────────────
      - name: Build release ZIP artifact
        run: |
          VERSION="${{ github.event.inputs.version }}"
          ARCHIVE="gsp-${VERSION}.zip"

          echo "Building ${ARCHIVE} …"

          zip -r "${ARCHIVE}" . \
            --exclude ".git/*" \
            --exclude ".github/*" \
            --exclude "node_modules/*" \
            --exclude "vendor/*" \
            --exclude "logs/*" \
            --exclude "backups/*" \
            --exclude "*.log" \
            --exclude "*.sql" \
            --exclude "includes/config.php" \
            --exclude "modules/billing/includes/config.inc.php" \
            --exclude ".password" \
            --exclude "*.password"

          echo "Archive created:"
          ls -lh "${ARCHIVE}"

      # ──────────────────────────────────────────────
      # 5. Create the GitHub Release and upload the
      #    ZIP asset.  Uses only the built-in
      #    GITHUB_TOKEN — no personal token needed.
      # ──────────────────────────────────────────────
      - name: Create GitHub Release and upload asset
        uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{ github.event.inputs.version }}
          name: "GSP ${{ github.event.inputs.version }}"
          body: ${{ github.event.inputs.release_notes }}
          draft: false
          prerelease: false
          files: gsp-${{ github.event.inputs.version }}.zip
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}