# Manually dispatched workflow that checks whether a release is due today and,
# if the milestone has no open issues, bumps the version and pushes a release
# commit and tag.
name: Update Scheduled Release Version

on:
  workflow_dispatch: # Manual trigger only. Triggered by release-scheduler.yml on main.

# NOTE(review): `env` at workflow level exports these secrets into the
# environment of every step in every job, including the `uses:` actions in this
# file that are referenced by tag. Scoping each secret to the step that consumes
# it would narrow the exposure. Check which steps actually read
# SLACK_WEBHOOK_URL; the Slack step already receives it through `with:`.
env:
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  GRADLE_ENTERPRISE_CACHE_USER: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USER }}
  GRADLE_ENTERPRISE_CACHE_PASSWORD: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
  GRADLE_ENTERPRISE_SECRET_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_SECRET_ACCESS_KEY }}

# Default GITHUB_TOKEN scope for the workflow: read-only repository contents.
permissions:
  contents: read

jobs:
  update_scheduled_release_version:
    name: Initiate Release If Scheduled
    # Run only in the upstream repository, so dispatching the workflow in a
    # fork does nothing.
    if: ${{ github.repository == 'spring-projects/spring-security' }}
    runs-on: ubuntu-latest
    # GITHUB_TOKEN is limited to read access for this job. The commit and tag
    # pushed by a later step therefore cannot be authorised by GITHUB_TOKEN;
    # they presumably use the separate token given to the checkout step.
    # TODO confirm.
    permissions:
      contents: read
      actions: read
    steps:
      # Check out the repository with a dedicated repository token instead of
      # the default GITHUB_TOKEN.
      # actions/checkout persists the supplied token in the local git config by
      # default, so every later step in this job (the Gradle build and the
      # other actions) runs with that credential on disk. The `git push` calls
      # later in the job presumably depend on it. Keep the token's scope as
      # narrow as the push requires.
      # NOTE(review): the action is referenced by a mutable tag; pinning to a
      # full commit SHA (e.g. `actions/checkout@<full-commit-sha> # v4`) removes
      # the risk of the tag being moved.
      - id: checkout-source
        name: Checkout Source Code
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
      # Prepare the build environment, requesting Java 17 from the Temurin
      # distribution.
      # NOTE(review): this action is referenced by the mutable tag `v2` and runs
      # with the workflow-level secrets in its environment and the persisted
      # checkout token on disk. Pinning it to a full commit SHA
      # (`@<full-commit-sha> # v2`) makes the executed code immutable.
      - name: Set up gradle
        uses: spring-io/spring-gradle-build-action@v2
        with:
          java-version: '17'
          distribution: 'temurin'
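      # Run the Gradle task that decides whether the next release is due today
      # and publish its result as the step output `is_due_today`.
      - id: check-release-due
        name: Check Release Due
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew gitHubCheckNextVersionDueToday
          # Plain assignment: a missing or unreadable result file now fails the
          # step instead of silently producing an empty output.
          is_due_today="$(cat build/github/milestones/is-due-today)"
          # Later `if:` conditions only recognise the exact strings true/false.
          # Any other content would skip the release without failing, and a
          # multi-line value could add extra entries to the output file, so
          # fail closed.
          case "$is_due_today" in
            true|false) ;;
            *)
              echo "Unexpected is-due-today value: '$is_due_today'" >&2
              exit 1
              ;;
          esac
          echo "is_due_today=$is_due_today" >>"$GITHUB_OUTPUT"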
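      # When a release is due, run the Gradle task that checks the milestone
      # for open issues and publish its result as the step output
      # `is_open_issues`.
      - id: check-open-issues
        name: Check for open issues
        if: steps.check-release-due.outputs.is_due_today == 'true'
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          ./gradlew gitHubCheckMilestoneHasNoOpenIssues
          # Plain assignment: a missing or unreadable result file now fails the
          # step instead of silently producing an empty output.
          is_open_issues="$(cat build/github/milestones/is-open-issues)"
          # The two follow-up steps key on the exact strings true/false. With
          # any other value neither the validation failure nor the release
          # would run and the workflow would still pass, so fail closed.
          case "$is_open_issues" in
            true|false) ;;
            *)
              echo "Unexpected is-open-issues value: '$is_open_issues'" >&2
              exit 1
              ;;
          esac
          echo "is_open_issues=$is_open_issues" >>"$GITHUB_OUTPUT"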
      # Guard step: when the release is due today but the milestone still has
      # open issues, fail the job on purpose. The failure stops the release and
      # triggers the `failure()` notification step at the end of the job.
      - id: validate-release-state
        name: Validate State of Release
        if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'true'
        run: |
          echo "The release is due today but there are open issues"
          exit 1
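      # Release step: runs only when the release is due and the milestone has
      # no open issues. Bumps the project version through Gradle, then commits,
      # tags and pushes the result.
      - id: update-version-and-push
        name: Update version and push
        if: steps.check-release-due.outputs.is_due_today == 'true' && steps.check-open-issues.outputs.is_open_issues == 'false'
        run: |
          export GRADLE_ENTERPRISE_CACHE_USERNAME="$GRADLE_ENTERPRISE_CACHE_USER"
          export GRADLE_ENTERPRISE_CACHE_PASSWORD="$GRADLE_ENTERPRISE_CACHE_PASSWORD"
          export GRADLE_ENTERPRISE_ACCESS_KEY="$GRADLE_ENTERPRISE_SECRET_ACCESS_KEY"
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          ./gradlew :updateProjectVersion
          # Read only the exact `version` key. An unanchored match on "version="
          # would also pick up any other property whose name ends in "version",
          # which would give a multi-line value.
          updatedVersion="$(awk -F'=' '$1 == "version" {print $2; exit}' gradle.properties)"
          # Refuse to commit, tag or push when the value is empty or does not
          # look like a version. This also keeps a value starting with '-' from
          # being read as a git option.
          if ! [[ "$updatedVersion" =~ ^[0-9A-Za-z][0-9A-Za-z._-]*$ ]]; then
            echo "Could not read a valid version from gradle.properties: '$updatedVersion'" >&2
            exit 1
          fi
          git commit -am "Release $updatedVersion"
          git tag "$updatedVersion"
          git push
          # Fully qualified ref so the push cannot resolve to a branch that
          # happens to have the same name as the tag.
          git push origin "refs/tags/$updatedVersion"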
      # Post the workflow status to Slack, but only when an earlier step in this
      # job has failed.
      # NOTE(review): this third-party action receives both GITHUB_TOKEN and the
      # Slack webhook URL, and it is referenced by a version tag that its owner
      # can move. Pinning to a full commit SHA
      # (`@<full-commit-sha> # v1.2.0`) fixes the code that handles these
      # secrets.
      - id: send-slack-notification
        name: Send Slack message
        if: failure()
        uses: Gamesight/slack-workflow-status@v1.2.0
        with:
          repo_token: ${{ secrets.GITHUB_TOKEN }}
          slack_webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }}
          channel: '#spring-security-ci'
          name: 'CI Notifier'