name: Compile

on:
  push:
    branches:
      - main
      - test*
  workflow_dispatch: # Manual trigger added

jobs:
  build-runspace:
    runs-on: windows-latest
    env:
      CERTIFICATE_BASE64: ${{ secrets.CERTIFICATE_BASE64 }}
    steps:
    - uses: actions/checkout@v4
      with:
        ref: ${{ github.head_ref }}
    - name: Compile project
      shell: pwsh
      run: |
        Set-ExecutionPolicy Bypass -Scope Process -Force; ./Compile.ps1
      continue-on-error: false # Directly fail the job on error, removing the need for a separate check
    - name: Create and import code signing certificate
      shell: pwsh
      run: |
        [System.IO.File]::WriteAllBytes("$env:USERPROFILE\code-signing-cert.pfx", [System.Convert]::FromBase64String("$env:CERTIFICATE_BASE64"))
        Import-PfxCertificate -FilePath "$env:USERPROFILE\code-signing-cert.pfx" -CertStoreLocation Cert:\CurrentUser\My
    - name: Code sign winutil.ps1
      shell: pwsh
      run: |
        $cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
        if ($null -eq $cert) { throw "Code signing certificate not found" }
        Set-AuthenticodeSignature -FilePath ./winutil.ps1 -Certificate $cert
    - uses: stefanzweifel/git-auto-commit-action@v5
      with:
        commit_message: Compile Winutil
      if: success()