---
name: Release
run-name: Release ${{ inputs.release_type }}

on:
  workflow_dispatch:
    inputs:
      release_type:
        description: "Release Options"
        default: "Initial Release"
        type: choice
        options:
          - Initial Release
          - Redeploy
          - Dry Run

jobs:
  setup:
    name: Setup
    runs-on: ubuntu-22.04
    outputs:
      release_version: ${{ steps.version.outputs.version }}
      branch-name: ${{ steps.branch.outputs.branch-name }}

    steps:
      - name: Check branch
        if: ${{ inputs.release_type != 'Dry Run' }}
        run: |
          if [[ "$GITHUB_REF" != "refs/heads/main" ]]; then
            echo "==================================="
            echo "[!] Can only release from the 'main' branch"
            echo "==================================="
            exit 1
          fi

      - name: Check out repo
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Check release version
        id: version
        uses: bitwarden/gh-actions/release-version-check@main
        with:
          release-type: ${{ inputs.release_type }}
          project-type: dotnet
          file: Directory.Build.props

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
          echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT

  release-github:
    name: Create GitHub Release
    if: ${{ inputs.release_type != 'Dry Run' }}
    runs-on: ubuntu-22.04
    needs: setup
    steps:
      - name: Create release
        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
        with:
          commit: ${{ github.sha }}
          tag: "v${{ needs.setup.outputs.release_version }}"
          name: "Version ${{ needs.setup.outputs.release_version }}"
          body: "<insert release notes here>"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true

  check-failures:
    name: Check for failures
    if: always()
    runs-on: ubuntu-22.04
    needs:
      - release-github
      - setup
    steps:
      - name: Check if any job failed
        if: github.ref == 'refs/heads/main' && contains(needs.*.result, 'failure')
        run: exit 1

      - name: Log in to Azure
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
        if: failure()
        with:
          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        if: failure()
        with:
          keyvault: "bitwarden-ci"
          secrets: "devops-alerts-slack-webhook-url"

      - name: Notify Slack on failure
        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
        if: failure()
        env:
          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
        with:
          status: ${{ job.status }}