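# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-action.json
#
# Composite action that restores, builds, packs and pushes one NuGet package
# to a Gitea package registry. Every dotnet command runs inside a nix-shell
# that provides the requested SDK.
name: "publish-nuget"
# NOTE(review): the description mentions attestation, but no attestation step
# is enabled yet (see the TODO at the end of this file).
description: "Publishes a NuGet package to a Gitea-hosted NuGet registry and attests to its contents."

inputs:
  package-path:
    description: "Path to the package directory to the root of the repo, e.g. src/Oceanbox.FvcomKit"
    required: true
  package-name:
    description: "Name of the package e.g. Oceanbox.FvcomKit"
    required: true
  nuget-key:
    # Callers should pass this from a secret, never as a literal value.
    description: "API key with which to authenticate to the NuGet registry."
    required: true
  dotnet-sdk:
    description: "Nix dotnet SDK package to use (e.g. dotnet-sdk_10, dotnet-sdk_9)"
    required: false
    default: "dotnet-sdk_10"
  registry:
    description: "Gitea registry domain, e.g. git.oceanbox.io"
    required: true
    default: "git.oceanbox.io"
  registry-owner:
    description: "Registry owner/organization name, e.g. oceanbox"
    required: true
    default: "oceanbox"
  source-name:
    description: "Name to use for the NuGet source when adding it."
    required: false
    default: "gitea-nuget"
  nupkg-dir:
    description: "Directory where .nupkg files will be output"
    required: false
    default: "./nupkgs"
  configuration:
    description: "Build configuration (Release or Debug)"
    required: false
    default: "Release"
  dotnet-restore-args:
    description: "Additional arguments to pass to dotnet restore"
    required: false
    default: ""
  dotnet-build-args:
    description: "Additional arguments to pass to dotnet build"
    required: false
    default: ""
  dotnet-pack-args:
    description: "Additional arguments to pass to dotnet pack"
    required: false
    default: "-p:TargetsForTfmSpecificContentInPackage="

# Security: inputs are never expanded with ${{ }} inside a `run:` script.
# That expansion happens before bash parses the script, so a value holding a
# quote or `$(...)` would be executed as shell code, and the API key would be
# written into the generated script text. Each step instead maps the inputs it
# needs to environment variables and the script reads those as data. A
# nix-shell without --pure inherits the environment, so the variables are
# visible inside the single-quoted --run script.
#
# The INPUT_ prefix keeps the names from colliding with MSBuild, which exposes
# environment variables as build properties.
#
# The *_ARGS variables are expanded unquoted on purpose so that they split into
# separate arguments; shell quoting inside those inputs is no longer
# interpreted. INPUT_DOTNET_SDK is quoted and therefore names exactly one
# package.
runs:
  using: "composite"
  steps:
    - name: Prep NuGet source
      shell: bash
      env:
        INPUT_DOTNET_SDK: "${{ inputs.dotnet-sdk }}"
        INPUT_SOURCE_NAME: "${{ inputs.source-name }}"
        INPUT_REGISTRY: "${{ inputs.registry }}"
        INPUT_REGISTRY_OWNER: "${{ inputs.registry-owner }}"
      # Remove any stale source of the same name first so the add is repeatable.
      run: |
        nix-shell -p "${INPUT_DOTNET_SDK}" --run '
          set -euo pipefail
          dotnet nuget remove source "${INPUT_SOURCE_NAME}" || true
          dotnet nuget add source \
            --name "${INPUT_SOURCE_NAME}" \
            "https://${INPUT_REGISTRY}/api/packages/${INPUT_REGISTRY_OWNER}/nuget/index.json"
        '

    - name: Restore dependencies
      shell: bash
      env:
        INPUT_DOTNET_SDK: "${{ inputs.dotnet-sdk }}"
        INPUT_PACKAGE_PATH: "${{ inputs.package-path }}"
        INPUT_RESTORE_ARGS: "${{ inputs.dotnet-restore-args }}"
      run: |
        nix-shell -p "${INPUT_DOTNET_SDK}" --run '
          set -euo pipefail
          dotnet restore "${INPUT_PACKAGE_PATH}" ${INPUT_RESTORE_ARGS}
        '

    - name: Build
      shell: bash
      env:
        INPUT_DOTNET_SDK: "${{ inputs.dotnet-sdk }}"
        INPUT_PACKAGE_PATH: "${{ inputs.package-path }}"
        INPUT_CONFIGURATION: "${{ inputs.configuration }}"
        INPUT_BUILD_ARGS: "${{ inputs.dotnet-build-args }}"
      run: |
        nix-shell -p "${INPUT_DOTNET_SDK}" --run '
          set -euo pipefail
          dotnet build \
            --no-restore \
            --configuration "${INPUT_CONFIGURATION}" \
            "${INPUT_PACKAGE_PATH}" \
            ${INPUT_BUILD_ARGS}
        '

    - name: Pack
      shell: bash
      env:
        INPUT_DOTNET_SDK: "${{ inputs.dotnet-sdk }}"
        INPUT_PACKAGE_PATH: "${{ inputs.package-path }}"
        INPUT_CONFIGURATION: "${{ inputs.configuration }}"
        INPUT_NUPKG_DIR: "${{ inputs.nupkg-dir }}"
        INPUT_PACK_ARGS: "${{ inputs.dotnet-pack-args }}"
      run: |
        nix-shell -p "${INPUT_DOTNET_SDK}" --run '
          set -euo pipefail
          dotnet pack \
            "${INPUT_PACKAGE_PATH}" \
            --no-restore \
            --configuration "${INPUT_CONFIGURATION}" \
            -o "${INPUT_NUPKG_DIR}" \
            ${INPUT_PACK_ARGS}
        '

    - name: Publish NuGet package
      shell: bash
      env:
        INPUT_DOTNET_SDK: "${{ inputs.dotnet-sdk }}"
        INPUT_NUPKG_DIR: "${{ inputs.nupkg-dir }}"
        INPUT_PACKAGE_NAME: "${{ inputs.package-name }}"
        INPUT_SOURCE_NAME: "${{ inputs.source-name }}"
        INPUT_NUGET_KEY: "${{ inputs.nuget-key }}"
      # The package glob stays quoted: dotnet expands the wildcard itself.
      # The key is still passed to dotnet as a command-line argument.
      run: |
        nix-shell -p "${INPUT_DOTNET_SDK}" --run '
          set -euo pipefail
          dotnet nuget push \
            "${INPUT_NUPKG_DIR}/${INPUT_PACKAGE_NAME}.*.nupkg" \
            --api-key "${INPUT_NUGET_KEY}" \
            --source "${INPUT_SOURCE_NAME}" \
            --skip-duplicate
        '

    # TODO: Add attestation
    # NOTE(review): the original draft built subject-path from package-path;
    # package-name is used below so the glob matches the files pushed above.
    # Pin the action to a full commit SHA when enabling it, and confirm the
    # runner platform supports it.
    # - name: Attest Build Provenance
    #   uses: actions/attest-build-provenance@v1
    #   with:
    #     subject-path: ${{ inputs.nupkg-dir }}/${{ inputs.package-name }}.*.nupkg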