# Use this workflow to create a patch branch and use the release workflow to release the patch once ready

name: Patch release

run-name: "Patch release '${{ inputs.git-tag }}'"

on:
  workflow_dispatch:
    inputs:
      git-tag:
        required: true
        type: string
        description: "The github tag of the release you want to patch (i.e. v1.0.0)."

defaults:
  run:
    shell: bash

permissions:
  contents: write

jobs:
  tag-check:
    name: Tag check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Verify that the provided git_tag is a tag
        run: git tag -l | grep -w ${{ inputs.git-tag }} || (echo "The provided git_tag '${{ inputs.git-tag }}' is not a tag" && exit 1)

  patch-branch:
    name: Create security patch branch
    needs: [tag-check]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.git-tag }}
          token: ${{ secrets.RELEASE_PLZ_TOKEN }}

      - name: Install a TOML parser
        run: |
          curl -L https://github.com/tamasfe/taplo/releases/download/0.8.1/taplo-full-linux-x86_64.gz | gunzip - > taplo
          chmod +x taplo
          sudo mv taplo /usr/bin/taplo

      - name: Prepare patch branch
        env:
          RUSTFLAGS: "--cfg surrealdb_unstable"
        run: |
          set -x

          # Configure git
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"
          git config --add --bool push.autoSetupRemote true

          # Calculate new version
          currentVersion=$(taplo get -f Cargo.toml "package.version")
          major=$(echo $currentVersion | tr "." "\n" | sed -n 1p)
          minor=$(echo $currentVersion | tr "." "\n" | sed -n 2p)
          patch=$(echo $currentVersion | tr "." "\n" | sed -n 3p)
          version=${major}.${minor}.$(($patch + 1))

          # Bump the crate version
          sed -i "s#^version = \".*\"#version = \"${version}\"#" Cargo.toml
          sed -i "s#^version = \".*\"#version = \"${version}\"#" sdk/Cargo.toml
          sed -i "s#^version = \".*\"#version = \"2.0.0-${version}\"#" core/Cargo.toml

          # Update dependency versions
          sed -i "s#surrealdb-core2 = { version = \"=2.0.0-${currentVersion}\"#surrealdb-core2 = { version = \"=2.0.0-${version}\"#" sdk/Cargo.toml

          # Update Cargo.lock without updating dependency versions
          cargo check --no-default-features --features storage-mem

          # Commit changes
          git checkout -b patches/${major}.${minor}
          git commit -am "Bump version to v${version}"

      - name: Push the new branch
        run: git push