name: Build and Release Vaultwarden for macOS M4

on:
  push:
    tags:
      - 'v*' # 当推送以 v 开头的 tag 时触发 (如 v1.0.0)
  workflow_dispatch: # 允许手动触发测试

jobs:
  build:
    runs-on: macos-latest
    permissions: # 赋予写入 Release 的权限
      contents: write
    
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: aarch64-apple-darwin

      - name: Install Dependencies
        run: |
          brew install openssl mysql-client libpq pkg-config
          {
            echo "OPENSSL_ROOT_DIR=$(brew --prefix openssl)"
            echo "MYSQLCLIENT_LIB_DIR=$(brew --prefix mysql-client)/lib"
            echo "MYSQLCLIENT_VERSION=8.0"
            echo "LIBRARY_PATH=$(brew --prefix libpq)/lib"
            echo "PKG_CONFIG_PATH=$(brew --prefix libpq)/lib/pkgconfig"
            echo "LIBSQLITE3_SYS_BUNDLED=1" 
          } >> $GITHUB_ENV
          echo "$(brew --prefix mysql-client)/bin" >> $GITHUB_PATH
          echo "$(brew --prefix libpq)/bin" >> $GITHUB_PATH

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2

      - name: Build Vaultwarden
        run: |
          cargo build --release \
            --target aarch64-apple-darwin \
            --features sqlite,mysql,postgresql

      - name: Prepare Assets
        run: |
          mkdir -p publish
          # 将二进制文件重命名，方便用户识别架构
          cp target/aarch64-apple-darwin/release/vaultwarden ./publish/vaultwarden-macos-arm64
          # 进入目录进行压缩 (可选，推荐压缩以减小体积)
          cd publish && tar -czvf vaultwarden-macos-arm64.tar.gz vaultwarden-macos-arm64

      - name: Create GitHub Release
        uses: softprops/action-gh-release@v2
        if: startsWith(github.ref, 'refs/tags/')
        with:
          files: ./publish/vaultwarden-macos-arm64.tar.gz
          name: Release ${{ github.ref_name }}
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}