name: Publish Rules To Public Repo

on:
  workflow_dispatch:
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - name: Validate required settings
        shell: bash
        env:
          PUBLIC_REPO: ${{ vars.PUBLIC_REPO }}
          PUBLIC_BRANCH: ${{ vars.PUBLIC_BRANCH }}
          PUBLIC_TOKEN: ${{ secrets.PUBLIC_REPO_TOKEN }}
        run: |
          set -euo pipefail
          if [ -z "${PUBLIC_REPO:-}" ]; then
            echo "Missing vars.PUBLIC_REPO (format: owner/repo)" >&2
            exit 1
          fi
          if [ -z "${PUBLIC_TOKEN:-}" ]; then
            echo "Missing secrets.PUBLIC_REPO_TOKEN" >&2
            exit 1
          fi
          if [ -z "${PUBLIC_BRANCH:-}" ]; then
            echo "PUBLIC_BRANCH not set, default to main"
          fi

      - name: Checkout private source repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          github-server-url: https://git.halonice.com

      - name: Checkout public target repo
        uses: actions/checkout@v4
        with:
          repository: ${{ vars.PUBLIC_REPO }}
          ref: ${{ vars.PUBLIC_BRANCH || 'main' }}
          token: ${{ secrets.PUBLIC_REPO_TOKEN }}
          path: public-repo
          fetch-depth: 0
          github-server-url: https://git.halonice.com

      - name: Sync dist files
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p public-repo/dist
          rsync -a --delete dist/ public-repo/dist/
          cat > public-repo/README.md <<TXT
          # shunt-rules-public

          该仓库存放由私有仓库自动发布的分流规则。

          更新时间（UTC）：$(date -u '+%Y-%m-%d %H:%M:%S')

          目录：

          - dist/surge
          - dist/loon
          - dist/clash
          - dist/mihomo
          TXT

      - name: Commit and push public repo
        shell: bash
        run: |
          set -euo pipefail
          cd public-repo
          git config user.name "gitea-actions[bot]"
          git config user.email "gitea-actions@localhost"
          git add -A
          if git diff --cached --quiet; then
            echo "No public repo changes"
            exit 0
          fi
          git commit -m "chore: publish latest shunt rules"
          git push origin "HEAD:${{ vars.PUBLIC_BRANCH || 'main' }}"