name: Build DEB Package

on:
  push:
    tags:
      - 'v*'
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  pull_request:
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to build (e.g., 1.0.0)'
        required: false
        default: '1.0.0-dev'

env:
  GO_VERSION: '1.24'
  PACKAGE_NAME: ja4sentinel

jobs:
  build-deb:
    name: Build DEB Package
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Determine version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="${{ github.event.inputs.version }}"
          elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            VERSION="${{ github.ref_name#v }}"
          else
            VERSION="0.0.0-$(git rev-parse --short HEAD)"
          fi
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "Building version: ${VERSION}"

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libpcap-dev \
            dpkg-dev \
            fakeroot \
            lintian

      - name: Build Go binary
        run: |
          make build-linux
          ls -la dist/

      - name: Build DEB package
        run: |
          VERSION="${{ steps.version.outputs.version }}"
          ./packaging/build-deb.sh "${VERSION}" "amd64"

      - name: Run lintian checks
        run: |
          lintian build/deb/*.deb --suppress-tags "dir-or-file-in-/usr/share/doc" || true

      - name: List build artifacts
        run: |
          echo "=== Build Artifacts ==="
          ls -lah build/deb/
          echo "=== Checksums ==="
          cat build/deb/*.sha256 || true

      - name: Upload DEB artifact
        uses: actions/upload-artifact@v4
        with:
          name: ja4sentinel-deb-amd64
          path: build/deb/*.deb
          retention-days: 30

      - name: Upload checksum artifact
        uses: actions/upload-artifact@v4
        with:
          name: ja4sentinel-deb-checksums
          path: build/deb/*.sha256
          retention-days: 30

      - name: Create release and upload assets (on tag)
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          files: |
            build/deb/*.deb
            build/deb/*.sha256
          generate_release_notes: true
          make_latest: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}