name: Build Artifacts
on:
  workflow_call:
    inputs:
      version:
        required: true
        type: string
      channel:
        required: false
        default: stable
        type: string
      unix:
        default: true
        type: boolean
      linux_arm:
        default: true
        type: boolean
      macos:
        default: true
        type: boolean
      macos_legacy:
        default: true
        type: boolean
      windows:
        default: true
        type: boolean
      windows32:
        default: true
        type: boolean
      meta_files:
        default: true
        type: boolean
      origin:
        required: false
        default: ''
        type: string
    secrets:
      GPG_SIGNING_KEY:
        required: false

  workflow_dispatch:
    inputs:
      version:
        description: |
          VERSION: yyyy.mm.dd[.rev] or rev
        required: true
        type: string
      channel:
        description: |
          SOURCE of this build's updates: stable/nightly/master/<repo>
        required: true
        default: stable
        type: string
      unix:
        description: yt-dlp, yt-dlp.tar.gz, yt-dlp_linux, yt-dlp_linux.zip
        default: true
        type: boolean
      linux_arm:
        description: yt-dlp_linux_aarch64, yt-dlp_linux_armv7l
        default: true
        type: boolean
      macos:
        description: yt-dlp_macos, yt-dlp_macos.zip
        default: true
        type: boolean
      macos_legacy:
        description: yt-dlp_macos_legacy
        default: true
        type: boolean
      windows:
        description: yt-dlp.exe, yt-dlp_min.exe, yt-dlp_win.zip
        default: true
        type: boolean
      windows32:
        description: yt-dlp_x86.exe
        default: true
        type: boolean
      meta_files:
        description: SHA2-256SUMS, SHA2-512SUMS, _update_spec
        default: true
        type: boolean
      origin:
        description: Origin
        required: false
        default: 'current repo'
        type: choice
        options:
        - 'current repo'

permissions:
  contents: read

jobs:
  process:
    runs-on: ubuntu-latest
    outputs:
      origin: ${{ steps.process_origin.outputs.origin }}
    steps:
      - name: Process origin
        id: process_origin
        run: |
          echo "origin=${{ inputs.origin == 'current repo' && github.repository || inputs.origin }}" | tee "$GITHUB_OUTPUT"

  unix:
    needs: process
    if: inputs.unix
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Needed for changelog
      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"
      - uses: conda-incubator/setup-miniconda@v3
        with:
          miniforge-variant: Mambaforge
          use-mamba: true
          channels: conda-forge
          auto-update-conda: true
          activate-environment: ""
          auto-activate-base: false
      - name: Install Requirements
        run: |
          sudo apt -y install zip pandoc man sed
          cat > ./requirements.txt << EOF
          python=3.10.*
          pyinstaller
          brotli-python
          EOF
          python devscripts/install_deps.py --print \
            --exclude brotli --exclude brotlicffi \
            --include secretstorage >> ./requirements.txt
          mamba create -n build --file ./requirements.txt

      - name: Prepare
        run: |
          python devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
          python devscripts/update_changelog.py -vv
          python devscripts/make_lazy_extractors.py
      - name: Build Unix platform-independent binary
        run: |
          make all tar
      - name: Build Unix standalone binary
        shell: bash -l {0}
        run: |
          unset LD_LIBRARY_PATH  # Harmful; set by setup-python
          conda activate build
          python -m bundle.pyinstaller --onedir
          (cd ./dist/yt-dlp_linux && zip -r ../yt-dlp_linux.zip .)
          python -m bundle.pyinstaller
          mv ./dist/yt-dlp_linux ./yt-dlp_linux
          mv ./dist/yt-dlp_linux.zip ./yt-dlp_linux.zip

      - name: Verify --update-to
        if: vars.UPDATE_TO_VERIFICATION
        run: |
          binaries=("yt-dlp" "yt-dlp_linux")
          for binary in "${binaries[@]}"; do
            chmod +x ./${binary}
            cp ./${binary} ./${binary}_downgraded
            version="$(./${binary} --version)"
            ./${binary}_downgraded -v --update-to yt-dlp/yt-dlp@2023.03.04
            downgraded_version="$(./${binary}_downgraded --version)"
            [[ "$version" != "$downgraded_version" ]]
          done

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-${{ github.job }}
          path: |
            yt-dlp
            yt-dlp.tar.gz
            yt-dlp_linux
            yt-dlp_linux.zip
          compression-level: 0

  linux_arm:
    needs: process
    if: inputs.linux_arm
    permissions:
      contents: read
      packages: write # for creating cache
    runs-on: ubuntu-latest
    strategy:
      matrix:
        architecture:
          - armv7
          - aarch64

    steps:
      - uses: actions/checkout@v4
        with:
          path: ./repo
      - name: Virtualized Install, Prepare & Build
        uses: yt-dlp/run-on-arch-action@v2
        with:
          # Ref: https://github.com/uraimo/run-on-arch-action/issues/55
          env: |
            GITHUB_WORKFLOW: build
          githubToken: ${{ github.token }} # To cache image
          arch: ${{ matrix.architecture }}
          distro: ubuntu18.04 # Standalone executable should be built on minimum supported OS
          dockerRunArgs: --volume "${PWD}/repo:/repo"
          install: | # Installing Python 3.10 from the Deadsnakes repo raises errors
            apt update
            apt -y install zlib1g-dev libffi-dev python3.8 python3.8-dev python3.8-distutils python3-pip
            python3.8 -m pip install -U pip setuptools wheel
            # Cannot access any files from the repo directory at this stage
            python3.8 -m pip install -U Pyinstaller mutagen pycryptodomex websockets brotli certifi secretstorage cffi

          run: |
            cd repo
            python3.8 devscripts/install_deps.py -o --include build
            python3.8 devscripts/install_deps.py --include pyinstaller --include secretstorage  # Cached version may be out of date
            python3.8 devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
            python3.8 devscripts/make_lazy_extractors.py
            python3.8 -m bundle.pyinstaller

            if ${{ vars.UPDATE_TO_VERIFICATION && 'true' || 'false' }}; then
              arch="${{ (matrix.architecture == 'armv7' && 'armv7l') || matrix.architecture }}"
              chmod +x ./dist/yt-dlp_linux_${arch}
              cp ./dist/yt-dlp_linux_${arch} ./dist/yt-dlp_linux_${arch}_downgraded
              version="$(./dist/yt-dlp_linux_${arch} --version)"
              ./dist/yt-dlp_linux_${arch}_downgraded -v --update-to yt-dlp/yt-dlp@2023.03.04
              downgraded_version="$(./dist/yt-dlp_linux_${arch}_downgraded --version)"
              [[ "$version" != "$downgraded_version" ]]
            fi

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-linux_${{ matrix.architecture }}
          path: | # run-on-arch-action designates armv7l as armv7
            repo/dist/yt-dlp_linux_${{ (matrix.architecture == 'armv7' && 'armv7l') || matrix.architecture }}
          compression-level: 0

  macos:
    needs: process
    if: inputs.macos
    runs-on: macos-11

    steps:
      - uses: actions/checkout@v4
      # NB: Building universal2 does not work with python from actions/setup-python
      - name: Install Requirements
        run: |
          brew install coreutils
          python3 devscripts/install_deps.py --user -o --include build
          python3 devscripts/install_deps.py --print --include pyinstaller > requirements.txt
          # We need to ignore wheels otherwise we break universal2 builds
          python3 -m pip install -U --user --no-binary :all: -r requirements.txt
          # We need to fuse our own universal2 wheels for curl_cffi
          python3 -m pip install -U --user delocate
          mkdir curl_cffi_whls curl_cffi_universal2
          python3 devscripts/install_deps.py --print -o --include curl_cffi > requirements.txt
          for platform in "macosx_11_0_arm64" "macosx_11_0_x86_64"; do
            python3 -m pip download \
              --only-binary=:all: \
              --platform "${platform}" \
              --pre -d curl_cffi_whls \
              -r requirements.txt
          done
          python3 -m delocate.cmd.delocate_fuse curl_cffi_whls/curl_cffi*.whl -w curl_cffi_universal2
          python3 -m delocate.cmd.delocate_fuse curl_cffi_whls/cffi*.whl -w curl_cffi_universal2
          cd curl_cffi_universal2
          for wheel in *cffi*.whl; do mv -n -- "${wheel}" "${wheel/x86_64/universal2}"; done
          python3 -m pip install -U --user *cffi*.whl

      - name: Prepare
        run: |
          python3 devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
          python3 devscripts/make_lazy_extractors.py
      - name: Build
        run: |
          python3 -m bundle.pyinstaller --target-architecture universal2 --onedir
          (cd ./dist/yt-dlp_macos && zip -r ../yt-dlp_macos.zip .)
          python3 -m bundle.pyinstaller --target-architecture universal2

      - name: Verify --update-to
        if: vars.UPDATE_TO_VERIFICATION
        run: |
          chmod +x ./dist/yt-dlp_macos
          cp ./dist/yt-dlp_macos ./dist/yt-dlp_macos_downgraded
          version="$(./dist/yt-dlp_macos --version)"
          ./dist/yt-dlp_macos_downgraded -v --update-to yt-dlp/yt-dlp@2023.03.04
          downgraded_version="$(./dist/yt-dlp_macos_downgraded --version)"
          [[ "$version" != "$downgraded_version" ]]

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-${{ github.job }}
          path: |
            dist/yt-dlp_macos
            dist/yt-dlp_macos.zip
          compression-level: 0

  macos_legacy:
    needs: process
    if: inputs.macos_legacy
    runs-on: macos-latest

    steps:
      - uses: actions/checkout@v4
      - name: Install Python
        # We need the official Python, because the GA ones only support newer macOS versions
        env:
          PYTHON_VERSION: 3.10.5
          MACOSX_DEPLOYMENT_TARGET: 10.9 # Used up by the Python build tools
        run: |
          # Hack to get the latest patch version. Uncomment if needed
          #brew install python@3.10
          #export PYTHON_VERSION=$( $(brew --prefix)/opt/python@3.10/bin/python3 --version | cut -d ' ' -f 2 )
          curl https://www.python.org/ftp/python/${PYTHON_VERSION}/python-${PYTHON_VERSION}-macos11.pkg -o "python.pkg"
          sudo installer -pkg python.pkg -target /
          python3 --version
      - name: Install Requirements
        run: |
          brew install coreutils
          python3 devscripts/install_deps.py --user -o --include build
          python3 devscripts/install_deps.py --user --include pyinstaller

      - name: Prepare
        run: |
          python3 devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
          python3 devscripts/make_lazy_extractors.py
      - name: Build
        run: |
          python3 -m bundle.pyinstaller
          mv dist/yt-dlp_macos dist/yt-dlp_macos_legacy

      - name: Verify --update-to
        if: vars.UPDATE_TO_VERIFICATION
        run: |
          chmod +x ./dist/yt-dlp_macos_legacy
          cp ./dist/yt-dlp_macos_legacy ./dist/yt-dlp_macos_legacy_downgraded
          version="$(./dist/yt-dlp_macos_legacy --version)"
          ./dist/yt-dlp_macos_legacy_downgraded -v --update-to yt-dlp/yt-dlp@2023.03.04
          downgraded_version="$(./dist/yt-dlp_macos_legacy_downgraded --version)"
          [[ "$version" != "$downgraded_version" ]]

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-${{ github.job }}
          path: |
            dist/yt-dlp_macos_legacy
          compression-level: 0

  windows:
    needs: process
    if: inputs.windows
    runs-on: windows-latest

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: # 3.8 is used for Win7 support
          python-version: "3.8"
      - name: Install Requirements
        run: | # Custom pyinstaller built with https://github.com/yt-dlp/pyinstaller-builds
          python devscripts/install_deps.py -o --include build
          python devscripts/install_deps.py --include py2exe --include curl_cffi
          python -m pip install -U "https://yt-dlp.github.io/Pyinstaller-Builds/x86_64/pyinstaller-5.8.0-py3-none-any.whl"

      - name: Prepare
        run: |
          python devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
          python devscripts/make_lazy_extractors.py
      - name: Build
        run: |
          python -m bundle.py2exe
          Move-Item ./dist/yt-dlp.exe ./dist/yt-dlp_min.exe
          python -m bundle.pyinstaller
          python -m bundle.pyinstaller --onedir
          Compress-Archive -Path ./dist/yt-dlp/* -DestinationPath ./dist/yt-dlp_win.zip

      - name: Verify --update-to
        if: vars.UPDATE_TO_VERIFICATION
        run: |
          foreach ($name in @("yt-dlp","yt-dlp_min")) {
            Copy-Item "./dist/${name}.exe" "./dist/${name}_downgraded.exe"
            $version = & "./dist/${name}.exe" --version
            & "./dist/${name}_downgraded.exe" -v --update-to yt-dlp/yt-dlp@2023.03.04
            $downgraded_version = & "./dist/${name}_downgraded.exe" --version
            if ($version -eq $downgraded_version) {
              exit 1
            }
          }

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-${{ github.job }}
          path: |
            dist/yt-dlp.exe
            dist/yt-dlp_min.exe
            dist/yt-dlp_win.zip
          compression-level: 0

  windows32:
    needs: process
    if: inputs.windows32
    runs-on: windows-latest

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.8"
          architecture: "x86"
      - name: Install Requirements
        run: |
          python devscripts/install_deps.py -o --include build
          python devscripts/install_deps.py
          python -m pip install -U "https://yt-dlp.github.io/Pyinstaller-Builds/i686/pyinstaller-5.8.0-py3-none-any.whl"

      - name: Prepare
        run: |
          python devscripts/update-version.py -c "${{ inputs.channel }}" -r "${{ needs.process.outputs.origin }}" "${{ inputs.version }}"
          python devscripts/make_lazy_extractors.py
      - name: Build
        run: |
          python -m bundle.pyinstaller

      - name: Verify --update-to
        if: vars.UPDATE_TO_VERIFICATION
        run: |
          foreach ($name in @("yt-dlp_x86")) {
            Copy-Item "./dist/${name}.exe" "./dist/${name}_downgraded.exe"
            $version = & "./dist/${name}.exe" --version
            & "./dist/${name}_downgraded.exe" -v --update-to yt-dlp/yt-dlp@2023.03.04
            $downgraded_version = & "./dist/${name}_downgraded.exe" --version
            if ($version -eq $downgraded_version) {
              exit 1
            }
          }

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-bin-${{ github.job }}
          path: |
            dist/yt-dlp_x86.exe
          compression-level: 0

  meta_files:
    if: inputs.meta_files && always() && !cancelled()
    needs:
      - process
      - unix
      - linux_arm
      - macos
      - macos_legacy
      - windows
      - windows32
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: artifact
          pattern: build-bin-*
          merge-multiple: true

      - name: Make SHA2-SUMS files
        run: |
          cd ./artifact/
          # make sure SHA sums are also printed to stdout
          sha256sum * | tee ../SHA2-256SUMS
          sha512sum * | tee ../SHA2-512SUMS

      - name: Make Update spec
        run: |
          cat >> _update_spec << EOF
          # This file is used for regulating self-update
          lock 2022.08.18.36 .+ Python 3\.6
          lock 2023.11.16 (?!win_x86_exe).+ Python 3\.7
          lock 2023.11.16 win_x86_exe .+ Windows-(?:Vista|2008Server)
          lockV2 yt-dlp/yt-dlp 2022.08.18.36 .+ Python 3\.6
          lockV2 yt-dlp/yt-dlp 2023.11.16 (?!win_x86_exe).+ Python 3\.7
          lockV2 yt-dlp/yt-dlp 2023.11.16 win_x86_exe .+ Windows-(?:Vista|2008Server)
          lockV2 yt-dlp/yt-dlp-nightly-builds 2023.11.15.232826 (?!win_x86_exe).+ Python 3\.7
          lockV2 yt-dlp/yt-dlp-nightly-builds 2023.11.15.232826 win_x86_exe .+ Windows-(?:Vista|2008Server)
          lockV2 yt-dlp/yt-dlp-master-builds 2023.11.15.232812 (?!win_x86_exe).+ Python 3\.7
          lockV2 yt-dlp/yt-dlp-master-builds 2023.11.15.232812 win_x86_exe .+ Windows-(?:Vista|2008Server)
          EOF

      - name: Sign checksum files
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
        if: env.GPG_SIGNING_KEY != ''
        run: |
          gpg --batch --import <<< "${{ secrets.GPG_SIGNING_KEY }}"
          for signfile in ./SHA*SUMS; do
            gpg --batch --detach-sign "$signfile"
          done

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-${{ github.job }}
          path: |
            _update_spec
            SHA*SUMS*
          compression-level: 0
          overwrite: true