.github/workflows/ppa-automation.yaml

name: PPA Automated Releases
on:
  push:
    branches:
      - 'releases/[0-9]+.[0-9a-z]+.[0-9a-z]+'
    tags:
      - 'v[0-9]+.[0-9a-z]+.[0-9a-z]+'
  schedule:
    - cron: '0 5 * * *'

jobs:
  ppa-release-candidate:
    name: PPA Releases
    if: github.repository == 'mozilla-mobile/mozilla-vpn-client'
    runs-on: ubuntu-latest
    environment: PPA Automation
    steps:
      - name: Checkout sources
        uses: actions/checkout@v3
        with:
          submodules: 'recursive'

      - name: Install dependencies
        shell: bash
        run: |
          sudo apt-get update
          sudo apt-get install golang debhelper devscripts dput-ng -y
          pip3 install -r requirements.txt

      - name: Build source bundle
        id: gen-source
        shell: bash
        env:
          GITREF: ${{github.ref}}
        run: |
          ./scripts/linux/script.sh --source --gitref ${GITREF}

          if [[ "$GITREF" == "refs/heads/main" ]]; then
            echo "ppa-url=ppa:okirby/mozilla-vpn-nightly" >> $GITHUB_OUTPUT
            if [[ ! -z $(git rev-list --after="25 hours" ${{github.sha}}) ]]; then
              echo "submit-changes=true" >> $GITHUB_OUTPUT
            fi
          else
            echo "ppa-url=ppa:okirby/mozilla-vpn-testing" >> $GITHUB_OUTPUT
            echo "submit-changes=true" >> $GITHUB_OUTPUT
          fi

      - name: Push to Launchpad PPA
        shell: bash
        working-directory: .tmp
        if: ${{ steps.gen-source.outputs.submit-changes == 'true' }}
        env:
          DEBEMAIL: ${{ github.actor }}@users.noreply.github.com
          DEBFULLNAME: ${{ github.actor }}
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSWORD: ${{ secrets.GPG_PASSWORD }}
          GNUPGHOME: ${{ runner.temp }}/gnupg-data
          PPA_TARGET_DISTS: focal jammy lunar mantic
          PPA_URL: ${{ steps.gen-source.outputs.ppa-url }}
        run: |
          mkdir -m700 $GNUPGHOME
          echo "allow-preset-passphrase" > $GNUPGHOME/gpg-agent.conf
          gpgconf --kill gpg-agent

          echo "$GPG_PRIVATE_KEY" | gpg --import --batch
          KEYID=$(gpg --with-colons --list-keys | grep -m1 '^fpr:' | tr -d [fpr:])
          KEYGRIP=$(gpg --with-colons --with-keygrip --list-keys | grep -m1 '^grp:' | tr -d [grp:])
          echo "$GPG_PASSWORD" | /lib/gnupg2/gpg-preset-passphrase --preset $KEYGRIP

          JOB_EXIT_CODE=0
          PACKAGE_DSC_FILE=$(find . -name '*.dsc')
          for dist in ${PPA_TARGET_DISTS}; do
            dpkg-source -x ${PACKAGE_DSC_FILE} $(pwd)/mozillavpn-source/

            PACKAGE_SOURCE_NAME=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Source)
            PACKAGE_BASE_VERSION=$(dpkg-parsechangelog -l mozillavpn-source/debian/changelog -S Version)
            PACKAGE_DIST_VERSION=${PACKAGE_BASE_VERSION}-${dist}1

            dch -c $(pwd)/mozillavpn-source/debian/changelog -v ${PACKAGE_DIST_VERSION} -D ${dist}  "Release for ${dist}"
            (cd mozillavpn-source && dpkg-buildpackage --build=source --sign-key=$KEYID -sa --no-check-builddeps)

            dput $PPA_URL ${PACKAGE_SOURCE_NAME}_${PACKAGE_DIST_VERSION}_source.changes || JOB_EXIT_CODE=1
            rm -rf $(pwd)/mozillavpn-source
          done

          exit $JOB_EXIT_CODE

      - name: Uploading sources
        uses: actions/upload-artifact@v3
        if: always()
        with:
            name: Sources
            path: .tmp