# Release pipeline: builds the `ati` binaries, attests them, publishes a
# GitHub Release, then publishes to crates.io and PyPI.
name: Release

# Runs only when a tag whose name starts with `v` is pushed. Anyone who can
# push such a tag can start a full publish to both registries.
on:
  push:
    tags:
      - 'v*'

# Workflow-wide default scopes for GITHUB_TOKEN. Any job that does not
# declare its own `permissions:` block inherits all three, including
# `contents: write`, so write access is best scoped per job.
permissions:
  contents: write
  id-token: write
  attestations: write

env:
  CARGO_TERM_COLOR: always

jobs:
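  # Builds the `ati` release binary for each target, once with default
  # features and once with the `sentry` feature, then records a SHA-256
  # checksum, attests build provenance for the binary, and uploads binary and
  # checksum as one artifact per matrix entry.
  build:
    name: Build ${{ matrix.target }}${{ matrix.suffix }}
    # Job-level scopes override the workflow default. This job compiles
    # third-party crates (including their build scripts), so it gets only what
    # checkout and attestation need: no write access to repository contents.
    permissions:
      contents: read
      id-token: write
      attestations: write
    strategy:
      matrix:
        include:
          # Default builds (no Sentry)
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            features: ""
            suffix: ""
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            features: ""
            suffix: ""
          - target: x86_64-apple-darwin
            os: macos-latest
            features: ""
            suffix: ""
          - target: aarch64-apple-darwin
            os: macos-latest
            features: ""
            suffix: ""
          # Sentry builds
          - target: x86_64-unknown-linux-musl
            os: ubuntu-latest
            features: "sentry"
            suffix: "-sentry"
          - target: aarch64-unknown-linux-musl
            os: ubuntu-latest
            features: "sentry"
            suffix: "-sentry"
          - target: x86_64-apple-darwin
            os: macos-latest
            features: "sentry"
            suffix: "-sentry"
          - target: aarch64-apple-darwin
            os: macos-latest
            features: "sentry"
            suffix: "-sentry"
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Nothing in this job pushes with git, so do not leave the token in
          # .git/config where later build steps could read it.
          persist-credentials: false

      - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master
        with:
          toolchain: stable
          targets: ${{ matrix.target }}

      - name: Install musl-tools (Linux x86_64)
        if: matrix.target == 'x86_64-unknown-linux-musl'
        run: sudo apt-get update && sudo apt-get install -y musl-tools

      # NOTE(review): `--locked` fixes the tool's dependency versions, but the
      # tool itself floats to whatever release is newest at build time.
      # Consider pinning it with `--version` so release builds are repeatable.
      - name: Install cross (Linux aarch64)
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: cargo install cross --locked

      # NOTE(review): same unpinned-version caveat as the `cross` install.
      - name: Install cargo-auditable
        run: cargo install cargo-auditable --locked

      # The features expression yields an empty string when matrix.features
      # is "", so default builds pass no --features flag.
      - name: Build (native)
        if: matrix.target != 'aarch64-unknown-linux-musl'
        run: cargo auditable build --release --target ${{ matrix.target }} ${{ matrix.features && format('--features {0}', matrix.features) }}

      # NOTE(review): this path calls `cross build` directly, not
      # `cargo auditable`, so the aarch64 Linux binaries presumably ship
      # without the embedded dependency list the other targets carry.
      # Confirm whether that gap is intended.
      - name: Build (cross-compile)
        if: matrix.target == 'aarch64-unknown-linux-musl'
        run: cross build --release --target ${{ matrix.target }} ${{ matrix.features && format('--features {0}', matrix.features) }}

      # The checksum line records the build path (target/<triple>/release/ati),
      # not the name the binary is later published under.
      - name: Generate checksum
        run: shasum -a 256 target/${{ matrix.target }}/release/ati > ati-${{ matrix.target }}${{ matrix.suffix }}.sha256

      # Only the binary is an attestation subject; the .sha256 file is not.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
        with:
          subject-path: target/${{ matrix.target }}/release/ati

      - name: Upload artifact
        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: ati-${{ matrix.target }}${{ matrix.suffix }}
          path: |
            target/${{ matrix.target }}/release/ati
            ati-${{ matrix.target }}${{ matrix.suffix }}.sha256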

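  # Collects every build artifact, checks each binary against the checksum
  # recorded at build time, renames the binaries to `ati-<target>[-sentry]`,
  # and attaches binaries and checksum files to a GitHub Release.
  release:
    name: Publish GitHub Release
    needs: build
    runs-on: ubuntu-latest
    # Creating the release needs write access to contents; nothing in this
    # job uses OIDC or attestations, so those scopes are not granted.
    permissions:
      contents: write
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
        with:
          path: artifacts

      - name: Prepare release files
        run: |
          mkdir -p release
          for dir in artifacts/ati-*/; do
            artifact_name=$(basename "$dir" | sed 's/^ati-//')
            # Strip -sentry suffix to get the cargo target triple
            target=$(echo "$artifact_name" | sed 's/-sentry$//')
            checksum="ati-$artifact_name.sha256"
            # Fail closed: a release asset without its checksum file should
            # stop the release, not be published silently.
            if [ ! -f "$dir/$checksum" ]; then
              echo "::error::missing checksum file $checksum"
              exit 1
            fi
            # The checksum records the path relative to the artifact root, so
            # it can be checked from inside the artifact directory. This
            # catches corruption between jobs; it is not a tamper check,
            # because binary and checksum come from the same build job.
            (cd "$dir" && sha256sum --check --strict "$checksum")
            cp "$dir/target/$target/release/ati" "release/ati-$artifact_name"
            # NOTE(review): the published file still names the build path
            # (target/<triple>/release/ati), not ati-<artifact_name>, so
            # users must compare the hash value, not run a `-c` check as-is.
            cp "$dir/$checksum" release/
          done

      - name: Create GitHub Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
        with:
          generate_release_notes: true
          files: release/*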

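  # Publishes the crate to crates.io after the GitHub Release job succeeds,
  # gated by the `crates-io` deployment environment.
  publish-crates:
    name: Publish to crates.io
    needs: release
    runs-on: ubuntu-latest
    environment:
      name: crates-io
      url: https://crates.io/crates/agent-tools-interface
    # This job handles a registry secret and only needs to read the source.
    # Without this block it would inherit the workflow-wide write scopes.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No git push happens here; keep the token out of .git/config.
          persist-credentials: false

      - uses: dtolnay/rust-toolchain@efa25f7f19611383d5b0ccf2d1c8914531636bf9 # master
        with:
          toolchain: stable

      # NOTE(review): `--no-verify` skips building the packaged crate before
      # upload, so a package that does not compile from its tarball can still
      # be published. CARGO_REGISTRY_TOKEN is a long-lived secret; crates.io
      # Trusted Publishing (OIDC) would remove it, as the PyPI job already
      # does for its registry.
      - name: Publish to crates.io
        run: cargo publish --no-verify
        env:
          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}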

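  # Builds the Python client in ati-client/python with its version taken from
  # the pushed tag, and publishes it to PyPI through the `pypi` deployment
  # environment using the job's OIDC identity.
  publish-pypi:
    name: Publish ati-client to PyPI
    needs: release
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/project/ati-client/
    # Declaring only id-token leaves every other scope at `none`.
    # NOTE(review): checkout then presumably relies on the repository being
    # publicly readable; confirm before using this in a private repository.
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # No git push happens here; keep the token out of .git/config.
          persist-credentials: false

      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.12'

      - name: Sync version from tag
        run: |
          VERSION="${GITHUB_REF_NAME#v}"
          # The tag text is spliced into a sed replacement and a TOML string.
          # Accept only version-like characters so `&`, `\` or `"` in a tag
          # name cannot alter the substitution or the resulting file.
          if [[ ! "$VERSION" =~ ^[0-9][0-9A-Za-z.+-]*$ ]]; then
            echo "::error::tag name does not yield a usable version string"
            exit 1
          fi
          sed -i "s/^version = .*/version = \"${VERSION}\"/" ati-client/python/pyproject.toml
          # sed exits 0 even when nothing matched; confirm the version landed
          # so a stale version is never built and uploaded.
          grep -qxF "version = \"${VERSION}\"" ati-client/python/pyproject.toml || {
            echo "::error::version line was not updated in pyproject.toml"
            exit 1
          }

      # NOTE(review): `build` is installed unpinned in the job that holds the
      # PyPI publishing identity; consider a pinned, hash-checked requirements
      # file so the build front end cannot change between releases.
      - name: Install build tools
        run: pip install build

      - name: Build package
        working-directory: ati-client/python
        run: python -m build

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
        with:
          packages-dir: ati-client/python/dist/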