# Релиз: сборка .app / DMG / exe / deb, подпись (при наличии ключа), публикация в GitHub Releases и latest.json
# Настройка: в Secrets репозитория добавить TAURI_SIGNING_PRIVATE_KEY (приватный ключ от tauri signer generate)
name: Release

on:
  push:
    tags:
      - 'v*'
  release:
    types: [published]

concurrency:
  group: release-${{ github.event.release.tag_name || github.ref_name }}
  cancel-in-progress: false

permissions:
  contents: write

jobs:
  release:
    name: Build & Release (${{ matrix.os }})
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: desktop/ui/package-lock.json

      - name: Install Rust toolchain (macOS)
        if: matrix.os == 'macos-latest'
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable
          targets: aarch64-apple-darwin,x86_64-apple-darwin

      - name: Install Rust toolchain (other)
        if: matrix.os != 'macos-latest'
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: stable

      - name: Install Linux deps
        if: matrix.os == 'ubuntu-latest'
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev \
            librsvg2-dev patchelf pkg-config

      - name: Install UI deps
        run: cd desktop/ui && npm ci

      - name: Debug tauri config
        if: matrix.os == 'macos-latest'
        run: |
          echo "PWD=$(pwd)"
          grep -n "beforeBuildCommand" desktop/src-tauri/tauri.conf.json || true
          find . -maxdepth 4 \( -name "tauri.conf.json" -o -name "tauri.config.*" \) || true

      - name: Build Tauri (release)
        uses: tauri-apps/tauri-action@v0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_SIGNING_PRIVATE_KEY }}
          PAPAYU_PROJECT_ROOT: ${{ github.workspace }}
        with:
          projectPath: desktop/src-tauri
          includeUpdaterJson: true
          tagName: ${{ github.event.release.tag_name || github.ref_name }}
          releaseName: ${{ github.event.release.tag_name || github.ref_name }}

      - name: Smoke — check macOS bundle
        if: matrix.os == 'macos-latest'
        run: |
          ls -la desktop/src-tauri/target/release/bundle || true
          find desktop/src-tauri/target/release/bundle -maxdepth 4 -type f 2>/dev/null | head -100

      - name: Smoke — check Windows bundle
        if: matrix.os == 'windows-latest'
        run: dir desktop\src-tauri\target\release\bundle

      - name: Smoke — check Linux bundle
        if: matrix.os == 'ubuntu-latest'
        run: |
          ls -la desktop/src-tauri/target/release/bundle || true
          find desktop/src-tauri/target/release/bundle -maxdepth 4 -type f 2>/dev/null | head -100

      - name: Validate latest.json schema (if present)
        id: validate-latest-json
        if: matrix.os == 'macos-latest'
        run: |
          F=$(find desktop/src-tauri -name 'latest.json' -type f 2>/dev/null | head -1)
          if [ -n "$F" ]; then
            npx --yes ajv-cli@latest validate -s docs/latest.schema.json -d "$F" || (echo "--- latest.json (first 50 lines) ---"; head -50 "$F"; exit 1)
          else
            echo "latest.json not found in workspace (uploaded by tauri-action); skipping validation"
          fi

      - name: Dump latest.json on validation failure
        if: failure() && matrix.os == 'macos-latest'
        run: |
          F=$(find desktop/src-tauri -name 'latest.json' -type f 2>/dev/null | head -1)
          if [ -n "$F" ]; then echo "--- latest.json ---"; head -80 "$F"; fi