name: Publish

on: [push, pull_request, workflow_call]

permissions:
  contents: read

jobs:
  crates_io_publish:
    name: Publish (crates.io)
    runs-on: ubuntu-latest
    timeout-minutes: 25
    steps:
      - uses: actions/checkout@v5
        with:
          submodules: 'true'
      - uses: dtolnay/rust-toolchain@stable

      - name: cargo-release Cache
        id: cargo_release_cache
        uses: actions/cache@v3
        with:
          path: ~/.cargo/bin/cargo-release
          key: ${{ runner.os }}-cargo-release

      - run: cargo install cargo-release
        if: steps.cargo_release_cache.outputs.cache-hit != 'true'

      - name: cargo login
        run: cargo login ${{ secrets.CRATES_IO_API_TOKEN }}

      # allow-branch HEAD is because GitHub actions switches
      # to the tag while building, which is a detached head

      # Publishing is currently messy, because:
      #
      # * `peace_rt_model_core` exports `NativeError` or `WebError` depending on the target.
      # * `peace_rt_model_web` fails to build when publishing the workspace for a native target.
      # * `peace_rt_model_web` still needs its dependencies to be published before it can be
      #    published.
      # * `peace_rt_model_hack` needs `peace_rt_model_web` to be published before it can be
      #    published.
      #
      # We *could* pass through `--no-verify` so `cargo` doesn't build the crate before publishing,
      # which is reasonable, since this job only runs after the Linux, Windows, and WASM builds
      # have passed.
      - name: "cargo release publish"
        run: |-
          cargo release \
            publish \
            --workspace \
            --all-features \
            --allow-branch "main" \
            --no-confirm \
            --no-verify \
            --execute