name: Run Release Please

on:
  workflow_dispatch:
    inputs:

  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  release-please:
    runs-on: ubuntu-latest
    permissions:
      contents: write # for googleapis/release-please-action to create release commit
      pull-requests: write # for googleapis/release-please-action to create release PR
    # Release-please creates a PR that tracks all changes
    steps:
      - uses: googleapis/release-please-action@v4
        id: release
        with:
          token: ${{secrets.GITHUB_TOKEN}}
          target-branch: main
      - name: Dump Release Please Output
        env:
          RELEASE_PLEASE_OUTPUT: ${{ toJson(steps.release.outputs) }}
        run: |
          echo "$RELEASE_PLEASE_OUTPUT"
    outputs:
      release_created: ${{ steps.release.outputs.releases_created }}
      all: ${{ toJSON(steps.release.outputs) }}
      paths_released: ${{ steps.release.outputs.paths_released }}

  pypi-release:
    needs: release-please
    runs-on: ubuntu-latest
    if: ${{ needs.release-please.outputs.release_created }}
    strategy:
      matrix:
        path: ${{ fromJSON(needs.release-please.outputs.paths_released) }}
    environment: release
    permissions:
      # IMPORTANT: this permission is mandatory for trusted publishing to pypi
      id-token: write
    container:
      image: "python:3.12"

    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Upgrade pip
        run: pip install --upgrade pip

      - name: Install hatch
        run: pip install hatch

      - name: Build a binary wheel and a source tarball
        run: hatch build
        working-directory: ${{ matrix.path }}

      - name: Publish a Python distribution to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: ${{ matrix.path }}/dist