name: ci

on:
  pull_request: {}
  push: {}

permissions:
  contents: write
  packages: write

jobs:
  detect-release:
    runs-on: ubuntu-latest
    outputs:
      is_semver_tag: ${{ steps.detect.outputs.is_semver_tag }}
    steps:
      - id: detect
        shell: bash
        run: |
          set -euo pipefail
          # Only true for tag refs like v1.2.3 (no suffix)
          if [[ "${GITHUB_REF}" == refs/tags/* ]] && [[ "${GITHUB_REF_NAME}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "is_semver_tag=true" >> "$GITHUB_OUTPUT"
          else
            echo "is_semver_tag=false" >> "$GITHUB_OUTPUT"
          fi

  tests:
    uses: ./.github/workflows/reusable-test.yml
    with:
      python-version: "3.12"
      matomo-token-description: "ci-token"

  publish-image:
    if: needs.detect-release.outputs.is_semver_tag == 'true'
    needs: [detect-release, tests]
    uses: ./.github/workflows/publish-image.yml
    permissions:
      contents: read
      packages: write

  tag-stable:
    if: needs.detect-release.outputs.is_semver_tag == 'true'
    needs: [detect-release, tests, publish-image]
    uses: ./.github/workflows/stable-tag.yml
    permissions:
      contents: write