name: Build macOS

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: macos-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 22

      - name: Install dependencies
        run: npm install
        working-directory: simpliplay

      - name: Create a temporary keychain
        run: |
          security create-keychain -p "" build.keychain
          security list-keychains -s build.keychain login.keychain-db
          security unlock-keychain -p "" build.keychain

      - name: Check PEM secret presence
        env:
          CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
        run: |
          if [ -z "$CERT_PEM" ]; then
            echo "PEM secret is empty or missing!"
            exit 1
          else
            echo "PEM is set"
          fi

      - name: Write PEM file and import
        env:
          CERT_PEM: ${{ secrets.MAC_CERTIFICATE_PEM }}
        run: |
          echo "$CERT_PEM" > cert.pem
          
          # Import certificate (assuming private key is included in PEM)
          security import cert.pem \
            -k build.keychain \
            -T /usr/bin/codesign

          security set-key-partition-list \
            -S apple-tool:,apple: \
            -s \
            -k "" \
            build.keychain

      - name: Build macOS
        env:
          CSC_IDENTITY_AUTO_DISCOVERY: false
          CSC_KEYCHAIN: build.keychain
          CSC_NAME: "Anirudh Sevugan"
        run: npx electron-builder --mac --x64 --arm64 --universal
        working-directory: simpliplay

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: builds
          path: simpliplay/dist/*.dmg

      - name: Delete temporary keychain
        if: always()
        run: |
          security delete-keychain build.keychain