spawn/.github/workflows/cli-release.yml

name: CLI Release

on:
  push:
    branches: [main]
    paths:
      - 'packages/cli/src/**'
      - 'packages/cli/package.json'
      - 'packages/cli/bun.lock'
  workflow_dispatch:

concurrency:
  group: cli-release
  cancel-in-progress: true

jobs:
  build:
    name: Build and release CLI
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - name: Checkout code
        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6  # v2

      - name: Install dependencies and build
        working-directory: packages/cli
        run: |
          bun install
          bun run build

      - name: Build cloud bundles
        run: bun run packages/cli/build-clouds.ts

      - name: Get version
        id: version
        working-directory: packages/cli
        run: echo "version=$(jq -r .version package.json)" >> "$GITHUB_OUTPUT"

      - name: Create version file
        working-directory: packages/cli
        run: jq -r .version package.json > version

      - name: Update cli-latest release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Create release if it doesn't exist, then upload assets with --clobber
          # to atomically replace files without a delete→create race window
          gh release create cli-latest \
            --title "CLI v${{ steps.version.outputs.version }}" \
            --notes "Pre-built CLI binary (auto-updated on every push to main).

          This release is used as a fallback by \`install.sh\` when the local build fails (e.g. Termux proot).
          The \`version\` file is used by the CLI's auto-update check.

          **Version:** ${{ steps.version.outputs.version }}
          **Built:** $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
            --prerelease 2>/dev/null || true

          gh release upload cli-latest \
            packages/cli/cli.js \
            packages/cli/version \
            --clobber

      - name: Upload cloud bundles
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Upload each cloud bundle, creating the release if needed.
          # Uses --clobber to atomically replace assets (no delete→create race).
          for bundle in packages/cli/*.js; do
            name=$(basename "$bundle" .js)
            [[ "$name" == "cli" ]] && continue  # skip cli.js, already uploaded above

            gh release create "${name}-latest" \
              --title "${name} bundle v${{ steps.version.outputs.version }}" \
              --notes "Pre-built ${name} cloud provider bundle.

          Downloaded by \`sh/${name}/*.sh\` shims for \`bash <(curl ...)\` execution.

          **Built:** $(date -u +%Y-%m-%dT%H:%M:%SZ)" \
              --prerelease 2>/dev/null || true

            gh release upload "${name}-latest" "$bundle" --clobber
          done