name: Android CI

on:
  push:
    branches: [master]
    paths:
      - 'android/**'
      - '.github/workflows/android-ci.yml'
  pull_request:
    branches: [master]
    paths:
      - 'android/**'
      - '.github/workflows/android-ci.yml'

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4

      - name: Verify lockfile is up-to-date
        run: |
          cd android
          chmod +x gradlew
          ./gradlew dependencies --write-locks
          if ! git diff --exit-code app/gradle.lockfile; then
            echo "❌ Lockfile is out of date. Run: cd android && ./gradlew dependencies --write-locks"
            exit 1
          fi
          echo "✅ Lockfile is up-to-date"

      - name: Decode keystore
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_FILE }}
        run: |
          echo "$KEYSTORE_BASE64" | base64 -d > android/release.keystore

      - name: Build signed APK
        env:
          KEYSTORE_FILE: ${{ github.workspace }}/android/release.keystore
          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
        run: |
          cd android
          ./gradlew assembleRelease --build-cache --configuration-cache