ejs/.github/workflows/release.yml
bashonly 32e63d577f Harden CI/CD pipeline (#40)
* Add actionlint and zizmor CI jobs

* Pin all actions to commit hashes

* Pin Deno to hash in release workflow

* Explicitly declare workflow permissions

* Avoid using actions/cache in release workflow and whenever possible
2025-12-30 18:11:18 +01:00


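# Release pipeline: a tag push builds the Python and JavaScript artifacts
# once, publishes the Python distributions to PyPI, then creates a GitHub
# release that carries the same files.
#
# Conventions used throughout this file:
#   - every `uses:` reference is pinned to a full commit SHA; the trailing
#     comment records the release that SHA is meant to correspond to
#   - the workflow-level token has no permissions, and each job grants only
#     the scopes it needs
#   - checkouts do not persist the job token into the local git config
name: Release

on:
  push:
    tags:
      # Any tag starts a release (`*` does not match `/`, so tag names that
      # contain a slash are ignored).
      # NOTE(review): tag creation is the only gate visible in this file;
      # restrict who may create tags in the repository settings.
      - "*"

# Deny by default; jobs opt in to individual scopes below.
permissions: {}

jobs:
  build:
    name: Build artifacts
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-depth: 0 # Needed for hatch-vcs versioning
          # Keep the job token out of .git/config so later steps and
          # uploaded files cannot pick it up.
          persist-credentials: false

      - uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3
        with:
          # Toolchain selected by commit hash instead of a version tag.
          deno-version: 3fbb1daddbc9333cddf0d8c0735811717dd70f7a # v2.6.3
          # No cache restore in the release path: released files should not
          # depend on state written by earlier workflow runs.
          cache: false

      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.10"

      - name: Install Python requirements
        # NOTE(review): `build` is resolved from the package index at run
        # time with no version or hash pin. Consider installing it from a
        # hash-locked requirements file (pip's --require-hashes mode).
        run: |
          python -m pip install -U build

      - name: Build Python artifacts
        # NOTE(review): the build backend requirements are not visible in
        # this file - confirm how they are constrained in pyproject.toml.
        run: |
          python -m build

      - name: Upload Python artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-py
          path: |
            dist/yt_dlp_ejs-*.whl
            dist/yt_dlp_ejs-*.tar.gz
          # 0 = store as-is; wheels and .tar.gz are already compressed.
          compression-level: 0

      - name: Build JavaScript artifacts
        # --frozen makes the install fail instead of updating the lockfile.
        run: |
          deno install --frozen
          deno task bundle

      - name: Upload JavaScript artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: artifacts-js
          path: |
            dist/yt.solver.*.js
          # 0 = store as-is, without compression.
          compression-level: 0

  publish_pypi:
    name: Publish to PyPI
    needs: [build]
    # Only the upstream repository publishes; forks skip this job.
    if: github.repository == 'yt-dlp/ejs'
    permissions:
      id-token: write # Needed for PyPI trusted publishing
    runs-on: ubuntu-latest
    # This job checks out nothing and runs no repository scripts: it only
    # downloads the built distributions and hands them to the publish
    # action, so the OIDC-capable token is exposed to two pinned actions.
    # NOTE(review): no `environment:` is declared, so nothing in this file
    # requires an approval between the tag push and the upload. If the PyPI
    # trusted publisher can be bound to an environment name, a protected
    # environment would add that gate - confirm against the PyPI settings.
    steps:
      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: dist
          name: artifacts-py

      - name: Publish to PyPI
        # No API token or password input is passed; authentication relies
        # on the id-token permission granted above.
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          verbose: true

  release:
    name: Create GitHub release
    needs: [build, publish_pypi]
    # Run when publish_pypi succeeded or was skipped (forks), but not when
    # a needed job failed or the run was cancelled.
    if: always() && !failure() && !cancelled()
    permissions:
      contents: write # Needed by gh to publish release to GitHub
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # gh authenticates through GH_TOKEN below, so the checkout does
          # not need to leave credentials behind.
          persist-credentials: false

      # Collect artifacts-py and artifacts-js into a single dist/ directory.
      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          path: dist
          pattern: artifacts-*
          merge-multiple: true

      - name: Create GitHub Release
        env:
          # The tag name reaches the script through the environment and is
          # quoted there, instead of being expanded by a workflow expression
          # inside `run:`, so its content is never parsed as shell syntax.
          TAG: ${{ github.ref_name }}
          # Job-scoped token; its only scope is contents: write (see above).
          GH_TOKEN: ${{ github.token }}
        # --verify-tag aborts if the tag does not already exist in the
        # remote repository, so gh never creates a tag on its own.
        # NOTE(review): no checksum file or provenance attestation is
        # attached alongside the assets; consider adding one so consumers
        # can verify the downloaded files.
        run: |
          gh release create "${TAG}" \
            --title "yt-dlp-ejs ${TAG}" \
            --generate-notes \
            --verify-tag \
            dist/yt.solver.*.js \
            dist/yt_dlp_ejs-*.whl \
            dist/yt_dlp_ejs-*.tar.gz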