name: Full Repo Management Daily

on:
  workflow_dispatch:
  schedule:
    - cron: "5 2 * * *"

permissions:
  contents: write

concurrency:
  group: full-repo-management
  cancel-in-progress: false

jobs:
  manage:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout builder repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          github-server-url: https://git.halonice.com

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Validate token
        shell: bash
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
        run: |
          if [ -z "${GITEA_TOKEN}" ]; then
            echo "Warning: missing GITEA_TOKEN, release publish step will fail."
          else
            echo "GITEA_TOKEN exists."
          fi

      - name: Prepare config
        shell: bash
        run: |
          if [ -f config.toml ]; then
            echo "Use existing config.toml"
          elif [ -f config.json ]; then
            echo "Use existing config.json"
          elif [ -f config.example.toml ]; then
            cp config.example.toml config.toml
            echo "Generated config.toml from example"
          else
            echo "No config file found" >&2
            exit 1
          fi

      - name: Sync upstream and generate rules
        shell: bash
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          UPSTREAM_REF: ${{ vars.UPSTREAM_REF }}
        run: |
          set -euo pipefail
          UPSTREAM_REF="${UPSTREAM_REF:-master}"
          bash scripts/sync_surge_full.sh
          if [ -f config.toml ]; then
            python3 main.py --config config.toml
          else
            python3 main.py --config config.json
          fi

      - name: Commit and push builder updates
        shell: bash
        run: |
          set -euo pipefail
          branch="${GITHUB_REF_NAME:-}"
          if [ -z "${branch}" ]; then
            branch="$(git rev-parse --abbrev-ref HEAD || true)"
          fi
          if [ -z "${branch}" ] || [ "${branch}" = "HEAD" ]; then
            branch="main"
          fi

          git config user.name "gitea-actions[bot]"
          git config user.email "gitea-actions@localhost"
          git add -A
          if git diff --cached --quiet; then
            echo "No builder changes"
            echo "builder_changed=false" >> "$GITHUB_ENV"
          else
            git commit -m "chore: daily sync and generate rules"
            git push origin "HEAD:${branch}"
            echo "builder_changed=true" >> "$GITHUB_ENV"
          fi

      - name: Publish dist to release repo
        shell: bash
        env:
          GITEA_BASE_URL: ${{ vars.GITEA_BASE_URL }}
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          TARGET_OWNER: ${{ vars.TARGET_OWNER }}
          TARGET_REPO: ${{ vars.TARGET_REPO }}
          TARGET_BRANCH: ${{ vars.TARGET_BRANCH }}
        run: |
          set -euo pipefail
          if [ -z "${GITEA_TOKEN}" ]; then
            echo "Missing secret GITEA_TOKEN for release publish" >&2
            exit 1
          fi
          base="${GITEA_BASE_URL:-https://git.halonice.com}"
          base="${base%/}"
          owner="${TARGET_OWNER:-yuanzhen869}"
          repo="${TARGET_REPO:-shunt-rules-release}"
          branch="${TARGET_BRANCH:-main}"

          if [[ "${base}" == https://* ]]; then
            release_url="https://${GITEA_TOKEN}@${base#https://}/${owner}/${repo}.git"
          elif [[ "${base}" == http://* ]]; then
            release_url="http://${GITEA_TOKEN}@${base#http://}/${owner}/${repo}.git"
          else
            echo "GITEA_BASE_URL must start with http:// or https://" >&2
            exit 1
          fi

          RELEASE_REPO_URL="${release_url}" \
          TARGET_BRANCH="${branch}" \
          COMMIT_MESSAGE="chore: daily publish generated rules" \
          bash scripts/release_dist.sh