.github/workflows/package.yml

name: Package Artifacts
on: 
  - workflow_dispatch
  - workflow_call
  
jobs:
  build-runtimes:
    name: build-${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: true
      matrix:
        os: [macos-latest, windows-latest]
        include:
          - os: macos-latest
            shell: bash
            runtime: DolbyIO.Comms.Sdk.Runtime.Osx
          - os: windows-latest
            shell: powershell
            runtime: DolbyIO.Comms.Sdk.Runtime.Win
    
    steps:
      - uses: actions/checkout@v2
      - uses: ./.github/actions/configure
        with:
          shell: ${{ matrix.shell }}

      - name: Build
        working-directory: ${{github.workspace}}/build
        run: cmake --build . -t DolbyIO.Comms.Native

      - if: ${{matrix.os == 'macos-latest'}}
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
          IAPI_DOTNET_APP_SPECYFIC_PASSWORD: ${{ secrets.IAPI_DOTNET_APP_SPECYFIC_PASSWORD }}
        working-directory: ${{github.workspace}}/build/bin
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          # import certificate and provisioning profile from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
          # import certificate to keychain
          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
          security list-keychain -d user -s $KEYCHAIN_PATH
          xcrun notarytool store-credentials "dotnet-sdk-notarization-profile" --apple-id "iapi@dolby.com" --team-id B55NRA8BRW --password "${IAPI_DOTNET_APP_SPECYFIC_PASSWORD}"
          codesign --force --strict --timestamp --sign 'Developer ID Application: VOXEET INC. (B55NRA8BRW)' *.dylib      

      - if: ${{matrix.os == 'windows-latest'}}
        working-directory: ${{github.workspace}}/build/bin
        run: |
          echo "${{ secrets.WINDOWS_CERTIFICATE }}" > data.b64
          certutil -decode data.b64 certificate.pfx 
          & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ DolbyIO.Comms.Sdk.dll
          & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ DolbyIO.Comms.Native.dll
          & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ dolbyio_comms_sdk.dll
          & 'C:/Program Files (x86)/Windows Kits/10/bin/10.0.17763.0/x86/signtool.exe' sign /f ./certificate.pfx /p ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} /t http://timestamp.digicert.com/ dolbyio_comms_media.dll
          Remove-Item -Recurse -Force certificate.pfx
      
      - name: Pack
        working-directory: ${{github.workspace}}/build
        run: dotnet pack dotnet/${{ matrix.runtime }}/${{ matrix.runtime }}.csproj

      - uses: actions/upload-artifact@v3
        with:
          name: nugets
          path: ${{github.workspace}}/build/bin/${{ matrix.runtime }}.*.nupkg

  build-packages:
    runs-on: macos-latest
    needs: [build-runtimes]
    steps:
      - uses: actions/checkout@v2
        with: 
          submodules: true
          lfs: true
      - uses: ./.github/actions/configure
      - uses: actions/download-artifact@v3
        with:
          name: nugets
          path: ${{ github.workspace }}/build/bin
      
      - run: cmake --build .
        working-directory: ${{github.workspace}}/build

      - run: dotnet pack dotnet/DolbyIO.Comms.Sdk/DolbyIO.Comms.Sdk.csproj
        working-directory: ${{github.workspace}}/build

      - name: Sign Nugets
        working-directory: ${{github.workspace}}/build/bin
        run: |
          echo "${{ secrets.WINDOWS_CERTIFICATE }}" | base64 --decode > certificate.pfx
          dotnet nuget sign DolbyIO.Comms.Sdk.*.nupkg --certificate-path ./certificate.pfx --certificate-password ${{ secrets.WINDOWS_CERTIFICATE_PASSWORD}} --timestamper http://timestamp.digicert.com/
          rm certificate.pfx
      - uses: actions/upload-artifact@v3
        with:
          name: nugets
          path: ${{github.workspace}}/build/bin/DolbyIO.Comms.Sdk.*.nupkg

      - run: dotnet publish dotnet/DolbyCMD/DolbyCMD.csproj -o CmdLine
        working-directory: ${{github.workspace}}/build

      - uses: actions/upload-artifact@v3
        with:
          name: CmdLine
          path: ${{github.workspace}}/build/CmdLine/

      - run: 7z x "${{github.workspace}}/build/bin/DolbyIO.Comms.Sdk.Runtime.*.nupkg" -o${{github.workspace}}/build "runtimes/*"
        working-directory: ${{github.workspace}}/build

      - uses: actions/upload-artifact@v3
        with:
          name: dolbyio-dotnet-binaries
          path: ${{github.workspace}}/build/runtimes/