name: Build & Publish Unsigned macOS Release

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:

jobs:
  build-macos:
    runs-on: macos-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install frontend deps
        run: |
          cd frontend
          npm ci

      - name: Install backend deps
        run: |
          cd backend
          npm ci

      - name: Build & package Electron app
        run: |
          cd frontend
          npm run electron:build

      - name: Create GitHub Release
        id: create_release
        uses: actions/create-release@v1
        with:
          tag_name: ${{ github.ref_name || github.sha }}
          release_name: Release ${{ github.ref_name || github.sha }}
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload packaged artifacts to release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          UPLOAD_URL: ${{ steps.create_release.outputs.upload_url }}
        run: |
          set -euo pipefail
          # Upload any dmg/zip files produced by electron-builder
          for f in frontend/dist/*.{dmg,zip}; do
            [ -f "$f" ] || continue
            name=$(basename "$f")
            echo "Uploading $f as $name"
            curl -sSL -X POST -H "Authorization: token ${GITHUB_TOKEN}" -H "Content-Type: application/octet-stream" --data-binary @"$f" "${UPLOAD_URL}?name=${name}"
          done