.github/workflows/docker.yml

name: Docker image

on:
  push: { branches: [ develop ], tags: [ "*" ], paths: [ ".kraken.*", "Dockerfile", ".github/workflows/*.yml", "src/*", "formulae/*" ] }
  pull_request: { branches: [ develop ] }

env:
  COLUMNS: 160

jobs:
  test-formulae:
    runs-on: "arc-${{ matrix.arch }}-small"
    strategy:
      fail-fast: false
      matrix:
        # note: (@niklas) Disable ARM64 test for now because we keep getting an ARM64 CI runner with an
        #       IP address that is blacklisted by Google storage APIs, failing some formula's downloads.
        arch: ["amd64"] #, "arm64"]
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install UPX
        run: sudo apt-get update && sudo apt-get install upx -y

      - name: Test Formulae
        run: |
          set -e
          status_code=0
          for formula in formulae/*.py; do
            echo " :::: TEST FORMULA $formula"
            if ! python3 src/main.py $formula -o install_to=bin; then
              status_code=1
            fi
          done
          exit $status_code

  build:
    runs-on: "arc-${{ matrix.arch }}-large"
    needs: [ test-formulae ]
    strategy:
      fail-fast: false
      matrix:
        arch: ["amd64", "arm64"]
        base_image: [ "ubuntu_22.04", "ubuntu_20.04" ]
    permissions:
      packages: write
      contents: read
      attestations: write
    steps:

      # NOTE (@NiklasRosenstein): Need Git 2.18 available on the runner for the checkout action to use it; otherwise
      #       it falls back to the REST API and Git operations afterwards will fail because no repository is present.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/setup-python@v5
        if: "${{ matrix.arch == 'amd64' }}"
        with:
          python-version: "3.10"

      - name: Create Python 3 virtualenv (arm64)
        if: "${{ matrix.arch == 'arm64' }}"
        run: python3.10 -m venv .venv

      - name: Activate Python 3 virtualenv (arm64)
        if: "${{ matrix.arch == 'arm64' }}"
        run: source .venv/bin/activate && env >> $GITHUB_ENV

      - name: Install kraken-wrapper
        run: pip install uv==0.3.0 && uv tool install kraken-wrapper==0.39.0

      # See https://github.com/orgs/community/discussions/42856#discussioncomment-7678867
      - name: Adding required env vars for caching Docker build
        uses: actions/github-script@v7
        env:
          github-token: ${{ secrets.GITHUB_TOKEN }}
        with:
          script: |
            core.exportVariable('ACTIONS_CACHE_URL', process.env['ACTIONS_CACHE_URL'])
            core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env['ACTIONS_RUNTIME_TOKEN'])
          # core.exportVariable('ACTIONS_RUNTIME_URL', process.env['ACTIONS_RUNTIME_URL'])

      - run: |
          krakenw r -s -v
          krakenw q d --resume :docker-kraken-image/${{ matrix.base_image }}/linux/${{ matrix.arch }} -v
          krakenw r --resume :docker-kraken-image/${{ matrix.base_image }}/linux/${{ matrix.arch }} -v --state-name "${{ matrix.base_image }}-${{ matrix.arch }}"
        env:
          GITHUB_USER: ${{ github.actor }}
          GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/upload-artifact@v3
        with:
          name: kraken-build-state
          path: build/.kraken/buildenv/state*.dill

  manifest-tool:
    runs-on: "arc-amd64-small"
    needs: [ build ]
    permissions:
      packages: write
      contents: read
      attestations: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - uses: actions/download-artifact@v3
        with:
          name: kraken-build-state
          path: build/.kraken/buildenv/

      - run: ls -la build/.kraken/buildenv/

      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"

      - name: Install kraken-wrapper
        run: pip install uv==0.3.0 && uv tool install kraken-wrapper==0.39.0

      - name: Install manifest-tool
        run: |
          wget -q https://github.com/estesp/manifest-tool/releases/download/v2.0.5/binaries-manifest-tool-2.0.5.tar.gz
          tar xvf binaries-manifest-tool-2.0.5.tar.gz manifest-tool-linux-amd64
          mkdir -p ~/.local/bin/
          mv manifest-tool-linux-amd64 ~/.local/bin/manifest-tool
          chmod +x ~/.local/bin/manifest-tool

      - run: |
          export PATH="$PATH:$HOME/.local/bin"
          krakenw q tree -v --all --resume :docker-kraken-image-multiarch
          krakenw r --resume :docker-kraken-image-multiarch -v
        env:
          GITHUB_USER: ${{ github.actor }}
          GITHUB_PASSWORD: ${{ secrets.GITHUB_TOKEN }}