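# Reusable workflow: installs one crate with `cargo install`, signs the
# resulting binary with GPG, verifies the signature, then publishes the binary
# and its detached signature as a GitHub release tagged with the crate name.
name: build

on:
  workflow_call:
    inputs:
      # Crate passed to `cargo install`; also used as the tag/release name.
      crate:
        required: true
        type: string
      # Binary to install and sign; falls back to the crate name when unset.
      bin:
        required: false
        type: string
      # Optional git source, forwarded as `--git=<value>`.
      git:
        required: false
        type: string
      # Optional branch, forwarded as `--branch=<value>`.
      branch:
        required: false
        type: string
    secrets:
      # Key material piped into `gpg --import` for signing.
      private_key:
        required: true

jobs:
  build:
    name: ${{ inputs.crate }}
    runs-on: ubuntu-latest
    permissions:
      # Needed for the tag push and the release upload below.
      contents: write
    # Caller-supplied inputs are exposed to the shell only through these
    # environment variables. Interpolating `${{ inputs.* }}` directly into a
    # `run:` script pastes the raw text into the script before the shell
    # parses it, so a value with shell metacharacters would change the command.
    env:
      CRATE: ${{ inputs.crate }}
      BIN: ${{ inputs.bin || inputs.crate }}
      GIT_URL: ${{ inputs.git }}
      BRANCH: ${{ inputs.branch }}
    steps:
      # NOTE(review): the three actions below are referenced by mutable
      # tag/branch refs while this job holds a signing key and
      # `contents: write`; consider pinning each to a full commit SHA.
      - uses: actions/checkout@v3

      - uses: dtolnay/rust-toolchain@stable

      # Build the argument list as an array so every value stays one word.
      # NOTE(review): inputs are no longer word-split, so a caller that packed
      # extra flags into `crate` or `bin` would need a dedicated input.
      - run: |
          args=(--force "$CRATE" --bin "$BIN")
          if [ -n "$GIT_URL" ]; then args+=("--git=$GIT_URL"); fi
          if [ -n "$BRANCH" ]; then args+=("--branch=$BRANCH"); fi
          cargo install "${args[@]}"

      # Step outputs go through the $GITHUB_OUTPUT file; the `::set-output`
      # workflow command is deprecated.
      - id: which
        run: echo "which=$(which "$BIN")" >> "$GITHUB_OUTPUT"

      # Extracts "<crate> <version>" from the `cargo install --list` output.
      - id: version
        run: echo "version=$(cargo install --list | grep -o "^${CRATE} \([^ :]\)\+")" >> "$GITHUB_OUTPUT"

      # The secret reaches gpg via the environment and stdin, never via argv.
      - run: echo "$PRIVATE_KEY" | gpg --import
        env:
          PRIVATE_KEY: ${{ secrets.private_key }}

      - run: gpg --output "$BIN.sig" --detach-sig "$WHICH"
        env:
          WHICH: ${{ steps.which.outputs.which }}

      # signing-key.asc is presumably the public key committed to the checked
      # out repository - confirm. Verifying against a keyring that holds only
      # that key makes the job fail if the imported private key does not match
      # it.
      - run: gpg --output signing-key.gpg --dearmor signing-key.asc

      - run: gpg --no-default-keyring --keyring ./signing-key.gpg --verify "$BIN.sig" "$WHICH"
        env:
          WHICH: ${{ steps.which.outputs.which }}

      # Recreate the tag locally, then force-move the remote tag to this commit.
      - run: git tag -d "$CRATE" || true

      - run: git tag "$CRATE"

      - run: git push origin tag "$CRATE" --force

      - uses: softprops/action-gh-release@v1
        with:
          tag_name: ${{ inputs.crate }}
          target_commitish: ${{ github.ref }}
          files: |
            ${{ steps.which.outputs.which }}
            ${{ inputs.bin || inputs.crate }}.sig
          fail_on_unmatched_files: true
          body: ${{ steps.version.outputs.version }}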