name: Merge

permissions:
  # To create a draft release.
  contents: write
  # To sign artifacts.
  id-token: write

on:
  merge_group:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

defaults:
  run:
    shell: bash

jobs:
  info:
    name: info
    uses: ./.github/workflows/ci-info.yml
    permissions:
      contents: read
    with:
      ref: ${{ github.ref }}
      is-snapshot: false
    secrets: inherit

  ci:
    name: CI
    needs: [info]
    uses: ./.github/workflows/ci.yml
    permissions:
      contents: read
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      enable-coverage: true
    secrets: inherit

  prepare-release:
    name: prepare
    needs: [info, ci]
    uses: ./.github/workflows/ci-prepare-release.yml
    permissions:
      contents: write
      # To sign artifacts.
      id-token: write
    with:
      ref: ${{ github.ref }}
      version: ${{ needs.info.outputs.version }}
      release-notes: ${{ needs.info.outputs.release-notes }}
      project: ${{ github.repository }}
    secrets: inherit

  ci-ok:
    name: ci-ok
    needs: [ci, prepare-release]
    if: always() # always report a status
    runs-on: ubuntu-latest
    steps:
      - name: CI failed
        if: ${{ needs.ci.result != 'success' }}
        run: exit 1
      - name: Release failed
        if: ${{ needs.prepare-release.result != 'success' }}
        run: exit 1
      - name: CI succeeded
        run: exit 0