# singularity-forge + CI: manual @dev channel publish with approval gate
name: Dev Publish

# Manual pre-release. Click "Run workflow" in the Actions tab to stamp a
# version and publish @dev to npm. Gated by the `dev` GitHub Environment
# (configure reviewers in repo Settings -> Environments).

on:
  workflow_dispatch:
    inputs:
      ref:
        description: 'Branch or SHA to publish as @dev'
        required: false
        default: 'main'

concurrency:
  group: dev-publish-${{ github.event.inputs.ref }}
  cancel-in-progress: false

permissions:
  contents: read
  packages: write

jobs:
  dev-publish:
    name: Dev Publish
    runs-on: ubuntu-latest
    environment: dev
    outputs:
      dev-version: ${{ steps.stamp.outputs.version }}
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event.inputs.ref }}
          token: ${{ secrets.RELEASE_PAT }}
          fetch-depth: 0

      - name: Mark workspace safe for git
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - uses: actions/setup-node@v6
        with:
          node-version: '24.15'
          registry-url: https://registry.npmjs.org
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Install web host dependencies
        run: npm --prefix web ci

      - name: Cache Next.js build
        uses: actions/cache@v4
        with:
          path: web/.next/cache
          key: nextjs-${{ runner.os }}-${{ hashFiles('web/package-lock.json') }}-${{ hashFiles('web/app/**', 'web/components/**', 'web/lib/**', 'web/hooks/**') }}
          restore-keys: |
            nextjs-${{ runner.os }}-${{ hashFiles('web/package-lock.json') }}-
            nextjs-${{ runner.os }}-

      - name: Build core
        run: npm run build:core

      - name: Build web host
        run: npm run build:web-host

      - name: Stamp dev version and sync platform packages
        id: stamp
        env:
          VERSION_CHANNEL: dev
        run: |
          npm run pipeline:version-stamp
          npm run sync-platform-versions
          echo "version=$(node -e 'process.stdout.write(require("./package.json").version)')" >> "$GITHUB_OUTPUT"

      - name: Smoke test
        run: |
          chmod +x dist/loader.js
          export SF_SMOKE_BINARY="$(pwd)/dist/loader.js"
          npm run test:smoke

      - name: Publish @dev
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: |
          VERSION=$(node -e 'process.stdout.write(require("./package.json").version)')
          if npm view "singularity-forge@${VERSION}" version 2>/dev/null; then
            echo "Version ${VERSION} already published — moving @dev tag"
            npm dist-tag add "singularity-forge@${VERSION}" dev
          else
            npm publish --tag dev
          fi
          echo "Verifying singularity-forge@${VERSION} is reachable on npm..."
          for i in 1 2 3 4 5; do
            npm view "singularity-forge@${VERSION}" version 2>/dev/null && echo "Confirmed: singularity-forge@${VERSION} is live." && exit 0
            echo "Attempt $i: not yet visible — waiting 10s..."
            sleep 10
          done
          echo "::error::Publish step succeeded but singularity-forge@${VERSION} is not reachable on npm after 50s. Check NPM_TOKEN permissions and registry config."
          exit 1

  dev-verify:
    name: Dev Verify (installed package)
    needs: dev-publish
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          ref: ${{ github.event.inputs.ref }}

      - uses: actions/setup-node@v6
        with:
          node-version: '24.15'
          registry-url: https://registry.npmjs.org
          cache: 'npm'

      - name: Install published singularity-forge@dev globally (with registry propagation retry)
        env:
          DEV_VERSION: ${{ needs.dev-publish.outputs.dev-version }}
        run: |
          for i in 1 2 3 4 5 6; do
            npm install -g "singularity-forge@${DEV_VERSION}" && exit 0
            echo "Attempt $i failed — waiting 10s for npm registry propagation..."
            sleep 10
          done
          echo "::error::Failed to install singularity-forge@${DEV_VERSION} after 6 attempts."
          echo "::error::Recommended actions: (1) investigate the failing step above, (2) if the version exists on npm, deprecate it with 'npm deprecate singularity-forge@${DEV_VERSION} \"broken build; see Actions run\"', (3) cut a fix and re-run Dev Publish."
          exit 1

      - name: Run smoke tests (against installed binary)
        run: |
          export SF_SMOKE_BINARY=$(which sf)
          npm run test:smoke

      - name: Install repo dependencies (for regression harness)
        run: npm ci

      - name: Run live regression tests (against installed binary)
        run: |
          export SF_SMOKE_BINARY=$(which sf)
          npm run test:live-regression

      - name: Warn on verify failure
        if: failure()
        env:
          DEV_VERSION: ${{ needs.dev-publish.outputs.dev-version }}
        run: |
          echo "::error::Post-publish verification failed for singularity-forge@${DEV_VERSION}."
          echo "::error::Recommended actions: (1) investigate the failing step above, (2) if the version exists on npm, deprecate it with 'npm deprecate singularity-forge@${DEV_VERSION} \"broken build; see Actions run\"', (3) cut a fix and re-run Dev Publish."
          exit 1