name: Publish Core

on:
  push:
    tags:
      - "v*" # Fires directly on v0.1.0, v0.2.0 etc.

jobs:
  # Enforce that tests MUST pass before release can execute
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install and Verify
        run: |
          pip install -e .[dev]
          pytest tests/ -v

  publish:
    needs: verify # Blocks execution if verify job fails
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install Release Tools
        run: pip install build twine

      - name: Build Wheel and Source Distribution
        run: python -m build .
      - name: Verify Secret Presence
        env:
          MY_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
        run: |
          if [ -z "$MY_TOKEN" ]; then
            echo "❌ ERROR: The Gitea runner is receiving an empty string for PYPI_API_TOKEN!"
            exit 1
          else
            echo "✅ SUCCESS: Secret is accessible to this repository."
          fi
      - name: Publish Package to PyPI
        env:
          TWINE_USERNAME: __token__
          # Inherits your clean Organization level secret
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: twine upload --skip-existing dist/*

      - name: Build Gitea Release with Assets
        env:
          # Pulls your clean Organization level Gitea Token
          GIT_RELEASE_TOKEN: ${{ secrets.GIT_RELEASE_TOKEN }}
        run: |
          TAG=${GITHUB_REF#refs/tags/}

          # Delete existing release block if present
          EXISTING=$(curl -s -H "Authorization: token $GIT_RELEASE_TOKEN" "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/tags/$TAG")
          EXISTING_ID=$(echo $EXISTING | python -c "import sys,json; d=json.load(sys.stdin); print(d.get('id',''))" 2>/dev/null || echo "")
          if [ -n "$EXISTING_ID" ]; then
            curl -s -X DELETE -H "Authorization: token $GIT_RELEASE_TOKEN" "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/$EXISTING_ID"
          fi

          # Create fresh production release container
          RELEASE=$(curl -s -X POST \
            -H "Authorization: token $GIT_RELEASE_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{
              \"tag_name\": \"$TAG\",
              \"name\": \"foreignthon $TAG\",
              \"body\": \"Release version $TAG of foreignthon core compiler engine.\",
              \"draft\": false,
              \"prerelease\": false
            }" "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases")

          RELEASE_ID=$(echo $RELEASE | python -c "import sys,json; print(json.load(sys.stdin)['id'])")

          # Upload wheels directly into Gitea Assets tab
          for FILE in dist/*; do
            curl -s -X POST -H "Authorization: token $GIT_RELEASE_TOKEN" -F "attachment=@$FILE" "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/$RELEASE_ID/assets"
          done