name: Build macOS

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: macos-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 22

      - name: Clean up caches
        run: |
          npm cache clean --force
          rm -rf ~/Library/Caches/electron-builder
        working-directory: simpliplay

      - name: Install dependencies
        run: npm install
        working-directory: simpliplay

      # This step creates the DMG with its UI for all three architectures.
      # By default, it creates them as read/write sparse images.
      - name: Package all app bundles into DMGs
        run: npx electron-builder --mac --x64 --arm64 --universal
        working-directory: simpliplay

      # This is the key step that signs and converts all three DMGs.
      - name: Sign and convert all DMGs
        run: |
          # Get a list of all generated DMGs
          DMGS=$(find dist -name "*.dmg" -print)
          
          # Loop through each DMG file
          for DMG_PATH in $DMGS; do
            echo "Processing $DMG_PATH"
            
            # Extract the DMG name (e.g., SimpliPlay.dmg)
            DMG_BASENAME=$(basename "$DMG_PATH")
            
            # The mount point needs to be unique for each DMG.
            MOUNT_PATH="/Volumes/${DMG_BASENAME%.*}"
            
            echo "Mounting DMG: $DMG_PATH"
            hdiutil attach "$DMG_PATH" -mountpoint "$MOUNT_PATH"
            
            # The app bundle path inside the DMG
            APP_PATH="$MOUNT_PATH/SimpliPlay.app"
            
            if [ -d "$APP_PATH" ]; then
              # Force ad-hoc signing on the app bundle inside the mounted DMG
              echo "Ad-hoc signing app bundle inside the mounted DMG..."
              codesign --force --deep --sign - "$APP_PATH"
            else
              echo "Error: Could not find app bundle at $APP_PATH"
              exit 1
            fi
            
            # Unmount the DMG
            echo "Unmounting DMG..."
            hdiutil detach "$MOUNT_PATH"
            
            # Define the final output path
            FINAL_DMG_PATH="dist/$(basename "${DMG_PATH%.*}")-signed.dmg"
            
            # Convert the read/write DMG to a final, compressed, read-only DMG.
            echo "Converting to compressed, read-only DMG: $FINAL_DMG_PATH"
            hdiutil convert "$DMG_PATH" -format UDZO -o "$FINAL_DMG_PATH"
          done
        working-directory: simpliplay

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: builds
          # Upload only the final signed DMGs
          path: simpliplay/dist/*-signed.dmg