name: Build and Release on Tag

on:
  push:

jobs:
  package-and-release-macos:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 'lts/*'
      - name: Install dependencies
        run: npm install
      - name: Decode and Install Certificates
        env:
          CERTIFICATE_P12_BASE64: ${{ secrets.CERTIFICATE_P12_BASE64 }}
          CERTIFICATE_P12_PASSWORD: ${{ secrets.CERTIFICATE_P12_PASSWORD }}
        run: |
          echo $CERTIFICATE_P12_BASE64 | base64 --decode > certificate.p12
          security create-keychain -p actions temp.keychain
          security import certificate.p12 -k ~/Library/Keychains/temp.keychain -P "$CERTIFICATE_P12_PASSWORD" -T /usr/bin/codesign
          security list-keychains -s temp.keychain
          security default-keychain -s temp.keychain
          security unlock-keychain -p actions temp.keychain
          security set-key-partition-list -S apple-tool:,apple: -s -k actions temp.keychain
      - name: Build and package macOS app
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          DEBUG: '*'
        run: npm run publish-macos

      - name: Upload macOS build to GitHub Release
        uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ github.ref_name }}
          files: |
            dist/*.dmg
            dist/*.zip
            dist/*.blockmap
            dist/latest-mac.yml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}