name: Netlify - Deploy
on:
  workflow_call:
    inputs:
      pr_number:
        required: true
      pr_head_full_name:
        required: true
      pr_head_ref:
        required: true
      deployment_ref:
        required: true
    secrets:
      ELEMENT_BOT_TOKEN:
        required: true
      NETLIFY_AUTH_TOKEN:
        required: true
      NETLIFY_SITE_ID:
        required: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    permissions:
      deployments: write
    environment: Netlify
    steps:
      - run: ${{ tojson(github.event) }}
        shell: cat {0}

      - name: 📝 Create Deployment
        uses: bobheadxi/deployments@v1
        id: deployment
        with:
          step: start
          token: ${{ secrets.GITHUB_TOKEN }}
          env: Netlify
          ref: ${{ inputs.deployment_ref }}
          desc: |
            Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
            Exercise caution. Use test accounts.

      - name: 📥 Download artifact
        uses: actions/download-artifact@v4
        with:
          github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
          run-id: ${{ github.event.workflow_run.id }}
          name: build-output
          path: webapp

      - name: Add redirects file
        # We fetch from github directly as we don't bother checking out the repo
        run: curl -s https://raw.githubusercontent.com/element-hq/element-call/main/config/netlify_redirects > webapp/_redirects

      - name: Add config file
        run: curl -s "https://raw.githubusercontent.com/${{ inputs.pr_head_full_name }}/${{ inputs.pr_head_ref }}/config/element_io_preview.json" > webapp/config.json

      - name: ☁️ Deploy to Netlify
        id: netlify
        uses: nwtgck/actions-netlify@v3.0
        with:
          publish-dir: webapp
          deploy-message: "Deploy from GitHub Actions"
          alias: pr${{ inputs.pr_number }}
        env:
          NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
          NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
        timeout-minutes: 1

      - name: 🚦 Update deployment status
        uses: bobheadxi/deployments@v1
        if: always()
        with:
          step: finish
          override: false
          token: ${{ secrets.GITHUB_TOKEN }}
          status: ${{ job.status }}
          env: ${{ steps.deployment.outputs.env }}
          deployment_id: ${{ steps.deployment.outputs.deployment_id }}
          env_url: ${{ steps.netlify.outputs.deploy-url }}
          desc: |
            Do you trust the author of this PR? Maybe this build will steal your keys or give you malware.
            Exercise caution. Use test accounts.