name: Release

on:
  push:
    tags: ['v*']

env:
  # Forgejo container registry (BSL product — not pushing to public GHCR)
  # cf-agents#3: revisit public registry policy before enabling GHCR push
  REGISTRY: git.opensourcesolarpunk.com
  IMAGE_API: git.opensourcesolarpunk.com/circuit-forge/snipe-api
  IMAGE_WEB: git.opensourcesolarpunk.com/circuit-forge/snipe-web

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # ── Changelog ────────────────────────────────────────────────────────────
      - name: Generate changelog
        uses: orhun/git-cliff-action@v3
        id: cliff
        with:
          config: .cliff.toml
          args: --latest --strip header
        env:
          OUTPUT: CHANGES.md

      # ── Docker ───────────────────────────────────────────────────────────────
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Forgejo registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.FORGEJO_RELEASE_TOKEN }}

      # API image — built with circuitforge-core sibling from GitHub mirror
      - name: Checkout circuitforge-core
        uses: actions/checkout@v4
        with:
          repository: CircuitForgeLLC/circuitforge-core
          path: circuitforge-core

      - name: Build and push API image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ env.IMAGE_API }}:${{ github.ref_name }}
            ${{ env.IMAGE_API }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push web image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/web/Dockerfile
          push: true
          platforms: linux/amd64,linux/arm64
          tags: |
            ${{ env.IMAGE_WEB }}:${{ github.ref_name }}
            ${{ env.IMAGE_WEB }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # ── Forgejo Release ───────────────────────────────────────────────────────
      - name: Create Forgejo release
        env:
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_RELEASE_TOKEN }}
          REPO: ${{ github.event.repository.name }}
          TAG: ${{ github.ref_name }}
          NOTES: ${{ steps.cliff.outputs.content }}
        run: |
          curl -sS -X POST \
            "https://git.opensourcesolarpunk.com/api/v1/repos/Circuit-Forge/${REPO}/releases" \
            -H "Authorization: token ${FORGEJO_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "$(jq -n --arg tag "$TAG" --arg body "$NOTES" \
                  '{tag_name: $tag, name: $tag, body: $body}')"