name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  build-android:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3

      - name: Decode keystore
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }}
        run: |
          echo "$KEYSTORE_BASE64" | base64 -d > android/release.keystore

      - name: Build Android APK
        env:
          KEYSTORE_FILE: ${{ github.workspace }}/android/release.keystore
          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
          KEY_ALIAS: sup-release
        run: |
          cd android
          chmod +x gradlew
          ./gradlew assembleRelease --no-daemon

      - name: Calculate checksums
        id: checksums
        run: |
          APK_PATH="android/app/build/outputs/apk/release/app-release.apk"
          SHA256=$(sha256sum "$APK_PATH" | awk '{print $1}')
          echo "sha256=$SHA256" >> $GITHUB_OUTPUT
          echo "apk_path=$APK_PATH" >> $GITHUB_OUTPUT

      - name: Create Release
        uses: softprops/action-gh-release@v1
        with:
          files: ${{ steps.checksums.outputs.apk_path }}
          body: |
            ## Android App
            
            **SHA256:** `${{ steps.checksums.outputs.sha256 }}`
            
            **Certificate Fingerprint:**
            ```
            0D:3C:99:15:0E:12:1A:DE:0D:AE:05:CB:16:46:5E:65:31:56:DC:D6:98:87:59:4E:79:B1:0D:AE:1E:56:F2:E8
            ```
            
            Verify the certificate fingerprint in Obtainium before installing.
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}