name: Android CI/CD

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch:

jobs:

  android-test:
    name: Android — Gradle Unit Tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: temurin

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: ${{ runner.os }}-gradle-

      - name: Grant Gradle execute permission
        run: chmod +x gradlew

      - name: Run unit tests
        run: ./gradlew :{{module}}:testDebugUnitTest

      - name: Upload test reports
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: '{{module}}/build/reports/tests/'
          if-no-files-found: warn

  android-sign:
    name: Android — Sign Release AAB
    runs-on: ubuntu-latest
    needs: android-test
    if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main'
    env:
      KEYSTORE_FILE: ${{ secrets.KEYSTORE_FILE }}
      KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
      KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
      KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: temurin

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: ${{ runner.os }}-gradle-

      - name: Grant Gradle execute permission
        run: chmod +x gradlew

      - name: Decode keystore
        run: echo "$KEYSTORE_FILE" | base64 --decode > keystore.jks
        env:
          KEYSTORE_FILE: ${{ secrets.KEYSTORE_FILE }}

      - name: Build signed release AAB
        run: |
          ./gradlew :{{module}}:bundleRelease \
            -Pandroid.injected.signing.store.file=$(pwd)/keystore.jks \
            -Pandroid.injected.signing.store.password="$KEYSTORE_PASSWORD" \
            -Pandroid.injected.signing.key.alias="$KEY_ALIAS" \
            -Pandroid.injected.signing.key.password="$KEY_PASSWORD"
        env:
          KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
          KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
          KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}

      - name: Upload signed AAB
        uses: actions/upload-artifact@v4
        with:
          name: release-aab
          path: '{{module}}/build/outputs/bundle/release/*.aab'

  android-deploy:
    name: Android — Play Console Deploy
    runs-on: ubuntu-latest
    needs: android-sign
    if: github.ref == 'refs/heads/main'
    env:
      PLAY_STORE_JSON_KEY: ${{ secrets.PLAY_STORE_JSON_KEY }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download signed AAB
        uses: actions/download-artifact@v4
        with:
          name: release-aab
          path: ./release

      - name: Setup Ruby for Fastlane
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 'bundler-cache: true'

      - name: Install Fastlane
        run: gem install fastlane --no-document

      - name: Decode Play Store JSON key
        run: echo "$PLAY_STORE_JSON_KEY" > play-store-key.json
        env:
          PLAY_STORE_JSON_KEY: ${{ secrets.PLAY_STORE_JSON_KEY }}

      - name: Upload to Play Console (internal track)
        run: |
          fastlane supply \
            --aab ./release/{{module}}/build/outputs/bundle/release/*.aab \
            --package_name "{{bundleId}}" \
            --track internal \
            --json_key ./play-store-key.json

# Required GitHub Secrets:
#   KEYSTORE_FILE        — Base64-encoded .jks keystore file
#   KEYSTORE_PASSWORD    — Password for the keystore file
#   KEY_ALIAS            — Alias of the signing key in the keystore
#   KEY_PASSWORD         — Password for the signing key
#   PLAY_STORE_JSON_KEY  — JSON content of the Google Play service account key
#
# Placeholders:
#   {{module}}           — Gradle module name (e.g. app)
#   {{bundleId}}         — Android application ID (e.g. com.example.myapp)
