name: Build RPM Package

on:
  push:
    tags:
      - 'v*'
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
      - 'Dockerfile.package'
  pull_request:
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
      - 'Dockerfile.package'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to build (e.g., 1.0.0)'
        required: false
        default: '1.0.0-dev'

env:
  GO_VERSION: '1.24'
  PACKAGE_NAME: ja4sentinel

jobs:
  build-rpm:
    name: Build RPM Packages (CentOS 7, Rocky 8/9/10)
    runs-on: ubuntu-latest
    permissions:
      contents: write
      packages: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Determine version
        id: version
        run: |
          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
            VERSION="${{ github.event.inputs.version }}"
          elif [[ "${{ github.ref }}" == refs/tags/v* ]]; then
            VERSION="${{ github.ref_name#v }}"
          else
            VERSION="0.0.0-$(git rev-parse --short HEAD)"
          fi
          echo "version=${VERSION}" >> $GITHUB_OUTPUT
          echo "Building version: ${VERSION}"

      - name: Build RPM packages in Docker
        run: |
          docker build --no-cache \
            -t ${PACKAGE_NAME}-packager \
            --build-arg VERSION="${{ steps.version.outputs.version }}" \
            -f Dockerfile.package .

          # Extract RPM packages from image
          mkdir -p build/rpm/el7 build/rpm/el8 build/rpm/el9 build/rpm/el10
          docker run --rm -v $(pwd)/build:/output ${PACKAGE_NAME}-packager sh -c \
            'cp -r /packages/rpm/el7 /output/rpm/ && \
             cp -r /packages/rpm/el8 /output/rpm/ && \
             cp -r /packages/rpm/el9 /output/rpm/ && \
             cp -r /packages/rpm/el10 /output/rpm/'

      - name: List build artifacts
        run: |
          echo "=== Build Artifacts ==="
          echo "CentOS 7 (el7):"
          ls -lah build/rpm/el7/ || echo "  (no packages)"
          echo "Rocky Linux 8 (el8):"
          ls -lah build/rpm/el8/ || echo "  (no packages)"
          echo "Rocky Linux 9 (el9):"
          ls -lah build/rpm/el9/ || echo "  (no packages)"
          echo "AlmaLinux/Rocky 10 (el10):"
          ls -lah build/rpm/el10/ || echo "  (no packages)"
          
          # Generate checksums
          find build/rpm -name "*.rpm" -exec sha256sum {} \; > build/rpm/checksums.txt
          cat build/rpm/checksums.txt

      - name: Upload RPM artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ${PACKAGE_NAME}-rpm-x86_64
          path: build/rpm/**/*.rpm
          retention-days: 30

      - name: Upload checksum artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${PACKAGE_NAME}-rpm-checksums
          path: build/rpm/checksums.txt
          retention-days: 30

      - name: Create release and upload assets (on tag)
        if: startsWith(github.ref, 'refs/tags/v')
        uses: softprops/action-gh-release@v2
        with:
          files: |
            build/rpm/el7/*.rpm
            build/rpm/el8/*.rpm
            build/rpm/el9/*.rpm
            build/rpm/el10/*.rpm
          generate_release_notes: true
          make_latest: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}