name: SDK Publish & Sign

on:
  pull_request:
    paths:
      - 'src/Sdk/**'
      - 'ops/devops/sdk/**'
      - 'scripts/sdk/**'
      - '.gitea/workflows/sdk-publish.yml'
  push:
    branches: [ main ]
    paths:
      - 'src/Sdk/**'
      - 'ops/devops/sdk/**'
      - 'scripts/sdk/**'
      - '.gitea/workflows/sdk-publish.yml'

jobs:
  sdk-publish:
    runs-on: ubuntu-22.04
    env:
      DOTNET_NOLOGO: 1
      DOTNET_CLI_TELEMETRY_OPTOUT: 1
      DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
      TZ: UTC
      SDK_NUGET_SOURCE: ${{ secrets.SDK_NUGET_SOURCE || 'local-nugets/packages' }}
      SDK_NUGET_API_KEY: ${{ secrets.SDK_NUGET_API_KEY }}
      SDK_SIGNING_CERT_B64: ${{ secrets.SDK_SIGNING_CERT_B64 }}
      SDK_SIGNING_CERT_PASSWORD: ${{ secrets.SDK_SIGNING_CERT_PASSWORD }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Task Pack offline bundle fixtures
        run: python3 scripts/packs/run-fixtures-check.sh

      - name: Setup .NET 10 RC
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 10.0.100
          include-prerelease: true

      - name: Cache NuGet packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.nuget/packages
            local-nugets/packages
          key: sdk-nuget-${{ runner.os }}-${{ hashFiles('src/Sdk/**/*.csproj') }}

      - name: Restore (best effort; skipped if no csproj)
        run: |
          set -e
          if compgen -G "src/Sdk/**/*.csproj" > /dev/null; then
            dotnet restore --configfile nuget.config src/Sdk/StellaOps.Sdk.Release/StellaOps.Sdk.Release.csproj || true
          else
            echo "No SDK csproj present; skipping restore."
          fi

      - name: Build & Test (best effort)
        run: |
          set -e
          if compgen -G "src/Sdk/**/*.csproj" > /dev/null; then
            dotnet build src/Sdk/StellaOps.Sdk.Release/StellaOps.Sdk.Release.csproj -c Release --no-restore || true
            if compgen -G "src/Sdk/**/__Tests/**/*.csproj" > /dev/null; then
              dotnet test src/Sdk/**/__Tests/**/*.csproj -c Release --no-build --logger "trx;LogFileName=sdk-tests.trx" || true
            fi
          else
            echo "No SDK csproj present; skipping build/test."
          fi

      - name: Sign packages (if present)
        run: |
          chmod +x scripts/sdk/sign-packages.sh
          scripts/sdk/sign-packages.sh

      - name: Publish packages (if present)
        run: |
          chmod +x scripts/sdk/publish.sh
          scripts/sdk/publish.sh

      - name: Upload SDK artifacts
        uses: actions/upload-artifact@v4
        with:
          name: sdk-artifacts
          path: |
            out/sdk
            local-nugets/packages/*.nupkg
          if-no-files-found: warn
          retention-days: 7