# This workflow is triggered by a comment on an issue or PR with the text ".bundle"
# It bundles the Desktop App, then creates a PR comment with a link to download the app.

# IMPORTANT: issue_comment workflows only use files found on "main" branch to run.
# Do NOT allow on: pull_request since that allows a user to alter a file in a PR and exfil secrets for example.
# Only using issue_comment is the suggested workflow type. Comments on pull requests, and issues will trigger the issue_comment workflow event.
on:
  issue_comment:
    types: [created]

# permissions needed for reacting to IssueOps commands on PRs
permissions:
  pull-requests: write
  checks: read
  # issues: write

name: Workflow to Bundle Desktop App

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  trigger-on-command:
    name: Trigger on ".bundle" PR comment
    runs-on: ubuntu-latest
    outputs:
      continue: ${{ steps.command.outputs.continue }}
      # Cannot use github.event.pull_request.number since the trigger is 'issue_comment'
      pr_number: ${{ steps.command.outputs.issue_number }}
    steps:
      - uses: github/command@v1.3.0
        id: command
        with:
          command: ".bundle"
          skip_reviews: true
          reaction: "eyes"
          allowed_contexts: pull_request

  bundle-desktop:
    # Only run this if ".bundle" command is detected.
    needs: [trigger-on-command]
    if: ${{ needs.trigger-on-command.outputs.continue == 'true' }}
    uses: ./.github/workflows/bundle-desktop.yml
    with:
      signing: true
    secrets:
      CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
      CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
      APPLE_ID: ${{ secrets.APPLE_ID }}
      APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}

  bundle-desktop-windows:
    # Only run this if ".bundle" command is detected.
    needs: [trigger-on-command]
    if: ${{ needs.trigger-on-command.outputs.continue == 'true' }}
    uses: ./.github/workflows/bundle-desktop-windows.yml
    with:
      signing: true
    secrets:
      WINDOWS_CERTIFICATE: ${{ secrets.WINDOWS_CERTIFICATE }}
      WINDOWS_CERTIFICATE_PASSWORD: ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD }}

  pr-comment:
    name: PR Comment with Desktop App
    runs-on: ubuntu-latest
    needs: [trigger-on-command, bundle-desktop, bundle-desktop-windows]
    permissions:
      pull-requests: write

    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          merge-multiple: true

      - name: Comment on PR with download link
        uses: peter-evans/create-or-update-comment@v4
        with:
          issue-number: ${{ needs.trigger-on-command.outputs.pr_number }}
          body: |
            ### Desktop App for this PR

            The following builds are available for testing:

            - [📱 macOS Desktop App (arm64, signed)](https://nightly.link/${{ github.repository }}/actions/runs/${{ github.run_id }}/Goose-darwin-arm64.zip)
            - [🪟 Windows Desktop App (x64, signed)](https://nightly.link/${{ github.repository }}/actions/runs/${{ github.run_id }}/desktop-windows-dist.zip)

            **macOS Instructions:**
            After downloading, unzip the file and drag the Goose.app to your Applications folder. The app is signed and notarized for macOS.

            **Windows Instructions:**
            After downloading, unzip the file and run Goose.exe. The app is signed for Windows.

            These links are provided by nightly.link and will work even if you're not logged into GitHub.