---
name: release python

on:
  push:
    branches: [master]
    tags:
      - '**'
  pull_request:
    branches: [master]

  workflow_dispatch:

jobs:
  build_sdist:
    name: Build source distribution
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/igaw/linux-nvme/debian.python:latest
    steps:
      - uses: actions/checkout@v4

      - name: Allow workspace
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: Build sdist
        run: pipx run build --sdist

      - uses: actions/upload-artifact@v4
        with:
          path: dist/*.tar.gz
          retention-days: 5

  upload_test_pypi:
    needs: [build_sdist]
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v')
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: artifact
          path: dist

      - name: Publish package to TestPyPI
        uses: pypa/gh-action-pypi-publish@release/v1.5
        with:
          user: __token__
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
          repository_url: https://test.pypi.org/legacy/

  upload_pypi:
    needs: [build_sdist]
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'linux-nvme/libnvme'
    steps:
      - name: Check if it is a release tag
        id: check-tag
        run: |
           if [[ ${{ github.event.ref }} =~ ^refs/tags/v([0-9]+\.[0-9]+)(\.[0-9]+)?(-rc[0-9]+)?$ ]]; then
               echo ::set-output name=match::true
           fi
      - name: Download artifiact
        uses: actions/download-artifact@v4
        if: steps.check-tag.outputs.match == 'true'
        with:
          name: artifact
          path: dist
      - name: Publish package to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1.5
        if: steps.check-tag.outputs.match == 'true'
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}