podvm_mkosi.yaml
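# Manually triggered workflow that builds the Fedora podvm binaries image,
# publishes it to ghcr.io, and then assembles a (debug) Pod VM disk image
# from those binaries with mkosi inside a Nix dev shell.
#
# Supply-chain notes (review):
# - Every action below is referenced by a mutable tag or branch (@v2, @v3,
#   @v5, @v22, @btrfs). A tag can be moved; pinning each `uses:` to a full
#   commit SHA (with the tag in a trailing comment) is the hardening step
#   this workflow is still missing. `katexochen/maximize-build-space@btrfs`
#   is a personal fork tracked by branch name, so it deserves that pin first.
# - `actions/checkout@v3` and `actions/upload-artifact@v2` are superseded
#   major versions; bump them deliberately (upload-artifact v4 changes
#   artifact semantics), not as part of a pin-only change.
name: Create a Pod VM image with mkosi
on:
  workflow_dispatch:
    inputs:
      binaries-image:
        description: "Prebuild fedora binaries image, as produced by this workflow under ghcr.io/confidential-containers/cloud-api-adaptor/podvm/binaries-fedora"
        required: false
defaults:
  run:
    working-directory: src/cloud-api-adaptor
jobs:
  # Builds the builder image and then the binaries image, pushing both to
  # ghcr.io tagged with the commit SHA. Skipped when the caller supplies a
  # prebuilt binaries image via the workflow input.
  build-binaries:
    name: Build binaries
    if: ${{ github.event.inputs.binaries-image == '' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write  # needed: this job pushes to ghcr.io
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build builder
        uses: docker/build-push-action@v5
        with:
          tags: ghcr.io/${{ github.repository }}/podvm/builder-fedora:${{ github.sha }}
          context: src
          file: src/cloud-api-adaptor/podvm/Dockerfile.podvm_builder.fedora
          push: true
      # Build binaries need git commit id as part of image name; the build
      # context is `src`, so the repo's .git is copied into it.
      - name: Prepare .git folder
        working-directory: ./
        run: |
          cp -rf .git src/.git
      - name: Build binaries
        uses: docker/build-push-action@v5
        with:
          tags: ghcr.io/${{ github.repository }}/podvm/binaries-fedora:${{ github.sha }}
          context: src
          file: src/cloud-api-adaptor/podvm/Dockerfile.podvm_binaries.fedora
          push: true
          build-args:
            "BUILDER_IMG=ghcr.io/${{ github.repository }}/podvm/builder-fedora:${{ github.sha }}"
  # Assembles the Pod VM image from the binaries image (either the one
  # built above or the one passed in) and uploads it as a workflow artifact.
  build-image:
    name: Build image
    needs: [build-binaries]
    # Run when build-binaries succeeded, or when it was skipped because a
    # prebuilt image was supplied. `always()` keeps the job eligible after a
    # skipped dependency; the inner checks keep it from running after failure.
    if: |
      always() && (
        needs.build-binaries.result == 'success' || (
          needs.build-binaries.result == 'skipped' &&
          github.event.inputs.binaries-image != ''
        )
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # No step in this job logs in to or pushes to a registry; the only
      # registry access is an anonymous `crane export` pull. Least privilege:
      # read is sufficient (write was previously granted but never used).
      packages: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Install Nix
        uses: cachix/install-nix-action@v22
      - name: Build nix shell to cache dependencies
        run: nix build .#devShells.x86_64-linux.podvm-mkosi
      # NOTE(review): `nixpkgs#crane` resolves through the runner's flake
      # registry, not the repo's lock file, so the crane version is not pinned.
      - name: Install crane
        run: nix profile install nixpkgs#crane
      # This removes the checkout and creates a btrfs volume with maximized
      # build space.
      - name: Maximize build space
        uses: katexochen/maximize-build-space@btrfs
        with:
          swap-size-mb: 1024
          remove-dotnet: "true"
          remove-android: "true"
          remove-haskell: "true"
          remove-codeql: "true"
          remove-docker-images: "true"
      # Required: the previous step wiped the working tree.
      - name: Second checkout
        uses: actions/checkout@v3
      # The user-supplied input is passed through `env:` and expanded by the
      # shell, instead of being interpolated into the script with `${{ }}`,
      # so a crafted value cannot inject shell commands into the step.
      - name: Decide on image to use
        id: binaries-image
        env:
          BINARIES_IMAGE: ${{ github.event.inputs.binaries-image }}
          DEFAULT_IMAGE: ghcr.io/${{ github.repository }}/podvm/binaries-fedora:${{ github.sha }}
        run: |
          if [ -z "$BINARIES_IMAGE" ]; then
            echo "image=$DEFAULT_IMAGE" | tee -a "$GITHUB_OUTPUT"
          else
            echo "image=$BINARIES_IMAGE" | tee -a "$GITHUB_OUTPUT"
          fi
      # The image reference is trusted as given: nothing here verifies a
      # digest or signature before its filesystem is unpacked into the tree
      # that ends up inside the Pod VM image. Callers should pass an immutable
      # `@sha256:` reference rather than a tag when supplying `binaries-image`.
      - name: Download binaries and unpack into binaries-tree
        env:
          BINARIES_IMAGE: ${{ steps.binaries-image.outputs.image }}
        run: |
          crane export "$BINARIES_IMAGE" podvm-binaries.tar
          mkdir -p podvm-mkosi/resources/binaries-tree
          tar xf podvm-binaries.tar -C podvm-mkosi/resources/binaries-tree
          rm podvm-binaries.tar
      # `image-debug` is the debug target of the podvm-mkosi Makefile; treat
      # the resulting artifact as a development image, not a release image.
      - name: Build image
        working-directory: src/cloud-api-adaptor/podvm-mkosi
        run: make image-debug
      - name: Upload image
        uses: actions/upload-artifact@v2
        with:
          name: podvm-mkosi-${{ github.sha }}
          path: src/cloud-api-adaptor/podvm-mkosi/build/system.raw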