name: "Publish aqua"

on:
  workflow_dispatch:
    inputs:
      tag:
        description: "tag to checkout to"
        type: string
        required: true
  workflow_call:
    inputs:
      tag:
        description: "tag to checkout to"
        type: string
        required: true

env:
  FORCE_COLOR: true

jobs:
  publish:
    runs-on: builder
    timeout-minutes: 60

    permissions:
      contents: read
      id-token: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.tag }}

      - name: Cache Scala
        uses: coursier/cache-action@v6

      - name: Setup Scala
        uses: coursier/setup-action@v1
        with:
          apps: sbt

      - name: scala-js build
        run: sbt ";language-server-apiJS/fullBundleJS;aqua-apiJS/fullBundleJS"

      - name: Import secrets
        uses: hashicorp/vault-action@v2.7.3
        with:
          url: https://vault.fluence.dev
          path: jwt/github
          role: ci
          method: jwt
          jwtGithubAudience: "https://github.com/fluencelabs"
          jwtTtl: 300
          exportToken: false
          secrets: |
            kv/npmjs/fluencebot token | NODE_AUTH_TOKEN

      - name: Setup pnpm
        uses: pnpm/action-setup@v2.4.0
        with:
          version: 8

      - name: Setup node with self-hosted npm registry
        uses: actions/setup-node@v4
        with:
          node-version: "18"
          registry-url: "https://registry.npmjs.org"
          cache: "pnpm"

      - run: pnpm --filter='!integration-tests' -r i
      - run: pnpm --filter='!integration-tests' -r build

      - name: Publish to NPM registry
        run: pnpm --filter='!integration-tests' publish --access public --tag unstable