.github/workflows/createNewVersion.yml

name: Create new version

on:
  workflow_dispatch:
    inputs:
      SEMVER_LEVEL:
        description: One of {BUILD, PATCH, MINOR, MAJOR}
        required: true
        default: BUILD
        type: string

  workflow_call:
    inputs:
      SEMVER_LEVEL:
        description: One of {BUILD, PATCH, MINOR, MAJOR}
        required: false
        default: BUILD
        type: string

    outputs:
      NEW_VERSION:
        description: The new version string
        value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }}

    secrets:
      LARGE_SECRET_PASSPHRASE:
        description: Passphrase used to decrypt GPG key
        required: true
      SLACK_WEBHOOK:
        description: Webhook used to comment in slack
        required: true
      OS_BOTIFY_COMMIT_TOKEN:
        description: OSBotify personal access token, used to workaround committing to protected branch
        required: true

jobs:
  validateActor:
    runs-on: ubuntu-latest
    outputs:
      HAS_WRITE_ACCESS: ${{ contains(fromJSON('["write", "admin"]'), steps.getUserPermissions.outputs.PERMISSION) }}
    steps:
      - name: Get user permissions
        id: getUserPermissions
        run: echo "PERMISSION=$(gh api /repos/${{ github.repository }}/collaborators/${{ github.actor }}/permission | jq -r '.permission')" >> "$GITHUB_OUTPUT"
        env:
          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}

  createNewVersion:
    runs-on: macos-latest
    needs: validateActor
    if: ${{ fromJSON(needs.validateActor.outputs.HAS_WRITE_ACCESS) }}

    outputs:
      NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }}

    steps:
      - name: Run turnstyle
        uses: softprops/turnstyle@49108bdfa571e62371bd2c3094893c547ab3fc03
        with:
          poll-interval-seconds: 10
        env:
          GITHUB_TOKEN: ${{ github.token }}

      - name: Check out
        uses: actions/checkout@v4
        with:
          ref: main
          # The OS_BOTIFY_COMMIT_TOKEN is a personal access token tied to osbotify
          # This is a workaround to allow pushes to a protected branch
          token: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}

      - name: Setup git for OSBotify
        uses: ./.github/actions/composite/setupGitForOSBotify
        id: setupGitForOSBotify
        with:
          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}

      - name: Generate version
        id: bumpVersion
        uses: ./.github/actions/javascript/bumpVersion
        with:
          GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}
          SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }}

      - name: Commit new version
        run: |
          git add \
            ./package.json \
            ./package-lock.json \
            ./android/app/build.gradle \
            ./ios/NewExpensify/Info.plist \
            ./ios/NewExpensifyTests/Info.plist \
            ./ios/NotificationServiceExtension/Info.plist
          git commit -m "Update version to ${{ steps.bumpVersion.outputs.NEW_VERSION }}"

      - name: Update main branch
        run: git push origin main

      - name: Announce failed workflow in Slack
        if: ${{ failure() }}
        uses: ./.github/actions/composite/announceFailedWorkflowInSlack
        with:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}