name: Build DEB Package

on:
  push:
    tags:
      - 'v*'
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  pull_request:
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to build (e.g., 1.0.0)'
        required: false
        default: '1.0.0-dev'

env:
  GO_VERSION: '1.24'
  PACKAGE_NAME: ja4sentinel
  TARGET_DIST: debian:bookworm

jobs:
  build-deb:
    name: Build DEB Package (Debian/Ubuntu)
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Determine version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="${{ github.event.inputs.version }}"
          elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            VERSION="${{ github.ref_name#v }}"
          else
            VERSION="0.0.0-$(git rev-parse --short HEAD)"
          fi
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "Building version: ${VERSION}"

      - name: Build DEB in Docker
        run: |
          docker build --no-cache \
            -t ${PACKAGE_NAME}-packager-deb \
            --build-arg VERSION="${{ steps.version.outputs.version }}" \
            --build-arg ARCH=amd64 \
            -f packaging/Dockerfile.deb .
          
          # Extract DEB from image
          mkdir -p build/deb
          docker run --rm ${PACKAGE_NAME}-packager-deb sh -c 'cat /packages/*.deb' > build/${PACKAGE_NAME}.deb

      - name: List build artifacts
        run: |
          echo "=== Build Artifacts ==="
          ls -lah build/deb/
          sha256sum build/${PACKAGE_NAME}.deb

      - name: Upload DEB artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${PACKAGE_NAME}-deb-amd64
          path: build/*.deb
          retention-days: 30

      - name: Upload checksum artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${PACKAGE_NAME}-deb-checksums
          path: build/*.deb.sha256
          retention-days: 30

      - name: Create release and upload assets (on tag)
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          files: |
            build/*.deb
          generate_release_notes: true
          make_latest: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}