name: build

on:
  workflow_call:
    inputs:
      crate:
        required: true
        type: string
      version:
        required: false
        type: string
      bin:
        required: false
        type: string
      git:
        required: false
        type: string
      ref:
        required: false
        type: string
      path:
        required: false
        type: string
      toolchain:
        required: false
        type: string
        default: stable
      locked:
        required: false
        type: boolean
        default: false

jobs:
  build:
    name: ${{inputs.crate}}
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: write
      attestations: write
    timeout-minutes: 45
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: ${{inputs.git}}
          ref: ${{inputs.ref}}
          path: ${{inputs.crate}}
        if: inputs.git
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{inputs.toolchain}}
      - run: cargo install --force ${{inputs.git && format('--path={0}', inputs.path || '.') || inputs.crate}} ${{inputs.version && format('--version={0}', inputs.version) || ''}} --bin ${{inputs.bin || inputs.crate}} ${{inputs.locked && '--locked' || ''}}
        working-directory: ${{inputs.git && inputs.crate || '.'}}
      - id: which
        run: echo "which=$(which ${{inputs.bin || inputs.crate}})" >> $GITHUB_OUTPUT
      - id: version
        run: echo "version=$(cargo install --list | grep -o '^${{inputs.crate}} \([^ :]\)\+')" >> $GITHUB_OUTPUT
      - uses: actions/attest-build-provenance@v2
        with:
          subject-path: ${{steps.which.outputs.which}}
      - run: git tag -d ${{inputs.crate}} || true
      - run: git tag ${{inputs.crate}}
      - run: git push origin tag ${{inputs.crate}} --force
      - uses: softprops/action-gh-release@v2
        with:
          tag_name: ${{inputs.crate}}
          target_commitish: ${{github.ref}}
          files: ${{steps.which.outputs.which}}
          fail_on_unmatched_files: true
          body: ${{steps.version.outputs.version}}