name: Release signing on Windows
run-name: workflow release signing with SignPath

on: workflow_dispatch

jobs:
  build:
    runs-on: windows-latest

    steps:
      # Step 1: Checkout the code
      - name: Checkout repository
        uses: actions/checkout@v4

      # Step 2: Setup .NET 9 SDK
      - name: Setup .NET 10 SDK
        uses: actions/setup-dotnet@v5
        with:
          dotnet-version: '10.x'

      # Step 3: Get version from Directory.Build.props using PowerShell
      - name: Get version from Directory.Build.props
        id: get-version
        run: pwsh -File "${{ github.workspace }}/Build/Get-VersionInfo.ps1"

      # Step 4 (x64): Publish x64 version
      - name: Publish x64 version
        run: |
          pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "x64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64"
        shell: pwsh

      # Step 5: Delete all PDB files from x64 output directory
      - name: Remove all PDB files (x64)
        run: |
          Get-ChildItem -Path "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64" -Filter *.pdb -Recurse | Remove-Item -Force -ErrorAction SilentlyContinue
        shell: pwsh

      # Step 6 (x64): Compile .ISS to .EXE Installer for x64
      - name: Compile .ISS to .EXE Installer (x64)
        run: |
          New-Item -Path "${{ github.workspace }}\Build\install" -ItemType Directory -Force

          & 'C:\Program Files (x86)\Inno Setup 6\ISCC.exe' `
            /O+ `
            /DMyAppVersion="${{steps.get-version.outputs.clean-version}}" `
            /DMyAppOutputDir="${{ github.workspace }}\Build\install" `
            /DMyFileSource="${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64" `
            /DMyAppOutputName="Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64" `
            /DLicenseFile="${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt" `
            /DAppIcon="${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico" `
            /DVersionInfoVersion="${{steps.get-version.outputs.clean-version}}" `
            "${{ github.workspace }}\Build\install.iss"
        shell: pwsh

      # Step 7 (arm64): Publish arm64 version
      - name: Publish arm64 version
        run: |
          pwsh -File "${{ github.workspace }}\Build\Build Avalonia.Win32.ps1" -Platform "arm64" -outputPath "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64"
        shell: pwsh

      # Step 8: Delete all PDB files from arm64 output directory
      - name: Remove all PDB files (arm64)
        run: |
          Get-ChildItem -Path "${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64" -Filter *.pdb -Recurse | Remove-Item -Force -ErrorAction SilentlyContinue
        shell: pwsh

      # Step 9 (arm64): Compile .ISS to .EXE Installer for arm64
      - name: Compile .ISS to .EXE Installer (arm64)
        run: |

          & 'C:\Program Files (x86)\Inno Setup 6\ISCC.exe' `
            /O+ `
            /DMyAppVersion="${{steps.get-version.outputs.clean-version}}" `
            /DMyAppOutputDir="${{ github.workspace }}\Build\install" `
            /DMyFileSource="${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-arm64" `
            /DMyAppOutputName="Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64" `
            /DLicenseFile="${{ github.workspace }}\src\PicView.Core\Licenses\LICENSE.txt" `
            /DAppIcon="${{ github.workspace }}\src\PicView.Avalonia.Win32\icon.ico" `
            /DVersionInfoVersion="${{steps.get-version.outputs.clean-version}}" `
            "${{ github.workspace }}\Build\install.iss"
        shell: pwsh

      # Step 10: Upload unsigned artifact
      - name: upload-unsigned-artifact
        id: upload-unsigned-artifact
        uses: actions/upload-artifact@v4
        with:
          name: "PicView-${{steps.get-version.outputs.file-version}}-unsigned"
          if-no-files-found: error
          path: |
            ${{ github.workspace }}\Build\PicView-v${{steps.get-version.outputs.version}}-win-x64\
            ${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-x64.exe
            ${{ github.workspace }}\Build\\PicView-v${{steps.get-version.outputs.version}}-win-arm64\
            ${{ github.workspace }}\Build\install\Setup-PicView-v${{steps.get-version.outputs.version}}-win-arm64.exe
          retention-days: 1

      # Step 11: Sign the binaries
      - name: Sign files
        uses: signpath/github-action-submit-signing-request@v1
        with:
          api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
          organization-id: '${{ vars.SIGNPATH_ORGANIZATION_ID }}'
          project-slug: 'PicView'
          signing-policy-slug: 'release-signing'
          github-artifact-id: ${{ steps.upload-unsigned-artifact.outputs.artifact-id }}
          wait-for-completion: true
          output-artifact-directory: 'PicView-${{steps.get-version.outputs.version}}-signed'

      # Step 12: Upload signed binaries
      - name: upload-signed-artifact
        uses: actions/upload-artifact@v4
        with:
          name: "PicView-${{steps.get-version.outputs.version}}-signed"
          path: "PicView-${{steps.get-version.outputs.version}}-signed"
          if-no-files-found: error