name: Build and Publish APK Package
on:
  push:
    tags:
      - 'v*'

jobs:
  build-apk:
    runs-on:
      - ubuntu-24.04
    container:
      image: alpine:latest
    steps:
      - name: Install build dependencies
        run: |
          apk update
          apk add --no-cache git nodejs go abuild curl sudo build-base

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Create build user
        run: |
          adduser -D -G abuild build
          echo "build ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
          chown -R build:abuild .

      - name: Configure git safe directory
        run: git config --global --add safe.directory "$PWD"

      - name: Setup abuild for package signing
        run: |
          su build -c "abuild-keygen -a -n"
          cp /home/build/.abuild/*.pub /etc/apk/keys/

      - name: Prepare source
        run: |
          pkgver=$(echo "${{ github.ref_name }}" | sed 's/^v//')
          pkgname="axolotl"

          sed -i "s/pkgver=.*/pkgver=$pkgver/" packaging/alpine/APKBUILD

          git archive --format=tar.gz --prefix="$pkgname-$pkgver/" -o "packaging/alpine/$pkgname-$pkgver.tar.gz" HEAD

          sed -i "s|source=.*|source=\"\$pkgname-\$pkgver.tar.gz\"|" packaging/alpine/APKBUILD
          chown -R build:abuild .

      - name: Generate checksums
        run: su build -c "cd $PWD/packaging/alpine && abuild checksum"

      - name: Build package
        run: su build -c "cd $PWD/packaging/alpine && abuild -r"

      - name: Publish to Gitea Registry
        run: |
          apk_file=$(find ~build/packages -name "*.apk" -type f | head -1)
          curl --fail-with-body -X PUT \
            -H "Authorization: token ${{ secrets.ACCESS_TOKEN }}" \
            -T "$apk_file" \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/alpine"