# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/github-action.json
name: "publish-nuget"
description: "Publishes a NuGet package to a Gitea-hosted NuGet registry and attests to its contents."
inputs:
  package-path:
    description: "Path to the package directory relative to src/, e.g. Oceanbox.FvcomKit"
    required: true
  nuget-key:
    description: "API key with which to authenticate to the NuGet registry."
    required: true
  registry:
    description: "Gitea registry domain, e.g. git.oceanbox.io"
    required: true
    default: "git.oceanbox.io"
  registry-owner:
    description: "Registry owner/organization name, e.g. oceanbox"
    required: true
    default: "oceanbox"
  source-name:
    description: "Name to use for the NuGet source when adding it."
    required: false
    default: "gitea-nuget"
  nupkg-dir:
    description: "Directory where .nupkg files will be output"
    required: false
    default: "./nupkgs"
  configuration:
    description: "Build configuration (Release or Debug)"
    required: false
    default: "Release"
  dotnet-restore-args:
    description: "Additional arguments to pass to dotnet restore"
    required: false
    default: ""
  dotnet-build-args:
    description: "Additional arguments to pass to dotnet build"
    required: false
    default: ""
  dotnet-pack-args:
    description: "Additional arguments to pass to dotnet pack"
    required: false
    default: "-p:TargetsForTfmSpecificContentInPackage="
runs:
  using: "composite"
  steps:
    - name: Prep NuGet source
      shell: bash
      run: |
        nix-shell --run 'set -o pipefail; set -o nounset; set -o errexit;
        dotnet nuget add source --name ${{ inputs.source-name }} "https://${{ inputs.registry }}/api/packages/${{ inputs.registry-owner }}/nuget/index.json"'

    - name: Restore dependencies
      shell: bash
      run: |
        nix-shell --run "set -o pipefail; set -o nounset; set -o errexit;
        dotnet restore src/${{ inputs.package-path }} ${{ inputs.dotnet-restore-args }}"

    - name: Build
      shell: bash
      run: |
        nix-shell --run "set -o pipefail; set -o nounset; set -o errexit;
        dotnet build --no-restore --configuration ${{ inputs.configuration }} src/${{ inputs.package-path }} ${{ inputs.dotnet-build-args }}"

    - name: Pack
      shell: bash
      run: |
        nix-shell --run "set -o pipefail; set -o nounset; set -o errexit;
        dotnet pack src/${{ inputs.package-path }} --no-restore ${{ inputs.dotnet-pack-args }} --configuration ${{ inputs.configuration }} -o ${{ inputs.nupkg-dir }}"

    - name: Publish NuGet package
      shell: bash
      run: |
        nix-shell --run "set -o pipefail; set -o nounset; set -o errexit;
        dotnet nuget push ${{ inputs.nupkg-dir }}/${{ inputs.package-path }}.*.nupkg --api-key ${{ inputs.nuget-key }} --source '${{ inputs.source-name }}' --skip-duplicate"

    # TODO: Add attestation
    # - name: Attest Build Provenance
      # uses: actions/attest-build-provenance@v1
      # with:
        # subject-path: ${{ inputs.nupkg-dir }}/${{ inputs.package-path }}.*.nupkg