name: Release

on:
  pull_request:
  push:
    branches:
      - main

concurrency: ${{ github.workflow }}-${{ github.ref }}

jobs:
  nix-check:
    runs-on: ubuntu-latest
    permissions:
      id-token: "write"
      contents: "read"
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - uses: DeterminateSystems/flake-checker-action@main
      - name: Run `nix flake check`
        run: nix flake check

  release:
    name: Release
    runs-on: ubuntu-latest
    needs: nix-check
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v5
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@v31
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install Dependencies
        run: nix develop .#full --command pnpm install --frozen-lockfile

      - name: Create Release Pull Request or Publish
        id: changesets
        uses: changesets/action@v1
        with:
          version: nix develop .#full --command pnpm run version
          publish: nix develop .#full --command pnpm run release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Create GitHub Release with Assets
        if: steps.changesets.outputs.published == 'true'
        uses: softprops/action-gh-release@v5
        with:
          tag_name: v${{ steps.changesets.outputs.publishedPackages[0].version }}
          name: Release v${{ steps.changesets.outputs.publishedPackages[0].version }}
          files: |
            packages/*.zip
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}