.github/workflows/release-app.yml

name: Release - App

on:
  workflow_call:
    inputs:
      publish-envs:
        description: 'The environments to publish to, needs to be a json array with names and roles, e.g. `[{name: "Staging", role: "arn:aws:iam::account:role/role-name"}`'
        type: string
        required: false
        default: '[]'
      image-name:
        description: 'The name of the image to publish'
        type: string
        default: ${{ vars.IMAGE_NAME }}
      aws-region:
        description: 'The AWS region to publish to'
        type: string
        default: ${{ vars.AWS_REGION }}
      run-label:
        description: 'The run label to use for the actions'
        type: string
        default: 'ubuntu-latest'
    secrets:
      RELEASE_PAT:
        required: true
    outputs:
      version:
        description: 'The released version'
        value: ${{ jobs.update_version.outputs.version }}

permissions:
  contents: write
  id-token: write
  packages: write

jobs:
  update_version:
    name: Update Version
    runs-on: ${{ inputs.run-label }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
          token: ${{ secrets.PRIVATE_SUBMODULE_ACCESS_TOKEN || github.token }}
          fetch-depth: 0
          # Don't persist the credentials because we are using the token to fetch the 
          # private submodule and then we are using different token to create a release
          persist-credentials: false

      - name: Release
        id: release
        uses: WalletConnect/actions/github/update-rust-version/@2.5.4
        with:
          token: ${{ secrets.RELEASE_PAT }}
    outputs:
      version: ${{ steps.release.outputs.version }}

  display_version:
    name: Version ➠ ${{ needs.update_version.outputs.version }}
    needs: [ update_version ]
    runs-on: ${{ inputs.run-label }}
    steps:
      - run: echo "Version = ${{ needs.update_version.outputs.version }}"

  publish:
    name: Publish ${{ needs.update_version.outputs.version }} ❱❱ ${{ matrix.env.name }}
    needs: [ update_version ]
    strategy:
      fail-fast: false
      matrix:
        env: ${{ fromJson(inputs.publish-envs) }}
    secrets: inherit
    uses: ./.github/workflows/build-publish.yml
    with:
      version: ${{ needs.update_version.outputs.version }}
      image-name: ${{ inputs.image-name }}
      aws-region: ${{ inputs.aws-region }}
      aws-role-arn: ${{ matrix.env.role }}
      run-label: ${{ inputs.run-label }}