# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Build iOS

run-name: Build iOS v${{ inputs.version }}

on:
  workflow_call:
    inputs:
      version:
        description: "Version"
        required: true
        type: string
      include-iap:
        type: boolean
        description: Include IAP package
        default: true
      stage-backend:
        type: boolean
        description: Use stage backend
        default: true
  workflow_dispatch:
    inputs:
      version:
        description: "Version"
        required: true
        type: string
      include-iap:
        type: boolean
        description: Include IAP package
        default: true
      stage-backend:
        type: boolean
        description: Use stage backend
        default: true

env:
  FLAVOR: "prod"
  RELEASE_NOTES_ARTIFACT_NAME: release_notes_en_${{ inputs.version }}
  RELEASE_NOTES_PATH: "assets/release_notes"

jobs:
  build:
    name: Build .ipa
    runs-on: macos-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive

      - name: Connect private iap package
        uses: webfactory/ssh-agent@v0.8.0
        with:
          ssh-private-key: ${{ secrets.M3_LIGHTMETER_IAP_KEY }}

      - name: Install the Apple certificate and provisioning profile
        env:
          APP_STORE_P12: ${{ secrets.APP_STORE_P12 }}
          APP_STORE_P12_PASSWORD: ${{ secrets.APP_STORE_P12_PASSWORD }}
          APP_STORE_PROVISION_PROD: ${{ secrets.APP_STORE_PROVISION_PROD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          PROVISION_PATH=$RUNNER_TEMP/build_provision.mobileprovision
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db

          # import certificate and provisioning profile from secrets
          echo -n "$APP_STORE_P12" | base64 --decode -o $CERTIFICATE_PATH
          echo -n "$APP_STORE_PROVISION_PROD" | base64 --decode -o $PROVISION_PATH

          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH

          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$APP_STORE_P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH

          # apply provisioning profile
          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
          cp $PROVISION_PATH ~/Library/MobileDevice/Provisioning\ Profiles

      - name: Restore GoogleService-Info.plist
        run: bash .github/scripts/restore_from_base64.sh "${{ secrets.GOOGLE_SERVICES_JSON_IOS }}" "ios/Runner/GoogleService-Info.plist"

      - name: Restore ExportOptions.plist
        run: bash .github/scripts/restore_from_base64.sh "${{ secrets.APP_STORE_EXPORT_OPTIONS }}" "ios/Runner/ExportOptions.plist"

      - name: Setup Firebase
        run: |
          bash .github/scripts/restore_from_base64.sh "${{ secrets.FIREBASE_APP_ID_FILE }}" "ios/firebase_app_id_file.json"
          bash .github/scripts/restore_from_base64.sh "${{ secrets.FIREBASE_OPTIONS }}" "lib/firebase_options.dart"
          bash .github/scripts/restore_from_base64.sh "${{ secrets.FIREBASE_JSON }}" "firebase.json"

      - name: Restore constants.dart
        env:
          CONSTANTS: ${{inputs.stage-backend && secrets.CONSTANTS_STAGE || secrets.CONSTANTS }}
        run: bash .github/scripts/restore_from_base64.sh "${{ env.CONSTANTS }}" "lib/constants.dart"

      - name: Increment build number & replace version number
        run: bash ./.github/scripts/increment_build_number.sh ${{ github.event.inputs.version }}

      - name: Download release notes
        continue-on-error: true
        uses: actions/download-artifact@v3
        with:
          name: ${{ env.RELEASE_NOTES_ARTIFACT_NAME }}
          path: ${{ env.RELEASE_NOTES_PATH }}

      - name: Install Flutter
        uses: subosito/flutter-action@v2
        with:
          channel: "stable"
          flutter-version: "3.27.1"

      - name: Prepare flutter project
        run: |
          flutter --version
          flutter pub get
          flutter pub run intl_utils:generate
          dart pub global activate flutterfire_cli

      - name: Build .ipa
        run: |
          flutter build ipa \
            --release \
            --flavor $FLAVOR \
            --target lib/main_$FLAVOR.dart \
            --export-options-plist=ios/Runner/ExportOptions.plist

      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: m3_lightmeter_ipa
          path: build/ios/ipa/lightmeter.ipa

      - name: Clean up keychain and provisioning profile
        if: ${{ always() }}
        run: |
          security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
          rm ~/Library/MobileDevice/Provisioning\ Profiles/build_provision.mobileprovision