name: Build macOS M1
on: [push, pull_request]
jobs:
  Main:
    # We always process desktop release tags, because they also publish the release
    if: github.repository == 'laurent22/joplin'
    runs-on: macos-latest
    steps:

      - uses: actions/checkout@v4
      - uses: olegtarasov/get-tag@v2.1.3
      - uses: actions/setup-node@v4
        with:
          # We need to pin the version to 18.15, because 18.16+ fails with this error:
          # https://github.com/facebook/react-native/issues/36440
          node-version: '18.15.0'
          cache: 'yarn'

      - name: Install Yarn
        run: |
          # https://yarnpkg.com/getting-started/install
          corepack enable

      - name: Install macOs dependencies
        if: runner.os == 'macOS'
        run: |
          # Required for building the canvas package
          brew install pango

      # See github-action-main.yml for explanation
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Set Publish Flag
        run: |
          if [[ $GIT_TAG_NAME = v* ]]; then
            echo "PUBLISH_ENABLED=true" >> $GITHUB_ENV
          else
            echo "PUBLISH_ENABLED=false" >> $GITHUB_ENV
          fi

      - name: Build macOS M1 app
        env:
          APPLE_ASC_PROVIDER: ${{ secrets.APPLE_ASC_PROVIDER }}
          APPLE_ID: ${{ secrets.APPLE_ID }}
          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
          CSC_KEY_PASSWORD: ${{ secrets.APPLE_CSC_KEY_PASSWORD }}
          CSC_LINK: ${{ secrets.APPLE_CSC_LINK }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          IS_CONTINUOUS_INTEGRATION: 1
          BUILD_SEQUENCIAL: 1
          PUBLISH_ENABLED: ${{ env.PUBLISH_ENABLED }}
        run: |
          export npm_config_arch=arm64
          export npm_config_target_arch=arm64
          yarn install
          cd packages/app-desktop
          npm pkg set 'build.mac.artifactName'='${productName}-${version}-${arch}.${ext}'
          npm pkg set 'build.mac.target[0].target'='dmg'
          npm pkg set 'build.mac.target[0].arch[0]'='arm64'
          npm pkg set 'build.mac.target[1].target'='zip'
          npm pkg set 'build.mac.target[1].arch[0]'='arm64'

          if [[ "$PUBLISH_ENABLED" == "true" ]]; then
            echo "Building and publishing desktop application..."
            PYTHON_PATH=$(which python) USE_HARD_LINKS=false yarn dist --mac --arm64

            yarn modifyReleaseAssets --repo="$GH_REPO" --tag="$GIT_TAG_NAME" --token="$GITHUB_TOKEN"
          else
            echo "Building but *not* publishing desktop application..."

            # We also want to disable signing the app in this case, because
            # it doesn't work and we don't need it.
            # https://www.electron.build/code-signing#how-to-disable-code-signing-during-the-build-process-on-macos

            export CSC_IDENTITY_AUTO_DISCOVERY=false
            npm pkg set 'build.mac.identity'=null --json

            PYTHON_PATH=$(which python) USE_HARD_LINKS=false yarn dist  --mac --arm64 --publish=never
          fi