name: Publish Kata release artifacts
on:
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+*'

jobs:
  build-kata-static-tarball-amd64:
    uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml

  kata-deploy:
    needs: build-kata-static-tarball-amd64
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: get-kata-tarball
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-amd64
      - name: build-and-push-kata-deploy-ci
        id: build-and-push-kata-deploy-ci
        run: |
          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
          pushd $GITHUB_WORKSPACE
          git checkout $tag
          pkg_sha=$(git rev-parse HEAD)
          popd
          mv kata-static.tar.xz $GITHUB_WORKSPACE/tools/packaging/kata-deploy/kata-static.tar.xz
          docker build --build-arg KATA_ARTIFACTS=kata-static.tar.xz -t katadocker/kata-deploy-ci:$pkg_sha -t quay.io/kata-containers/kata-deploy-ci:$pkg_sha $GITHUB_WORKSPACE/tools/packaging/kata-deploy
          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
          docker push katadocker/kata-deploy-ci:$pkg_sha
          docker login -u ${{ secrets.QUAY_DEPLOYER_USERNAME }} -p ${{ secrets.QUAY_DEPLOYER_PASSWORD }} quay.io
          docker push quay.io/kata-containers/kata-deploy-ci:$pkg_sha
          mkdir -p packaging/kata-deploy
          ln -s $GITHUB_WORKSPACE/tools/packaging/kata-deploy/action packaging/kata-deploy/action
          echo "PKG_SHA=${pkg_sha}" >> $GITHUB_OUTPUT
      - name: test-kata-deploy-ci-in-aks
        uses: ./packaging/kata-deploy/action
        with:
          packaging-sha: ${{steps.build-and-push-kata-deploy-ci.outputs.PKG_SHA}}
        env:
          PKG_SHA: ${{steps.build-and-push-kata-deploy-ci.outputs.PKG_SHA}}
          AZ_APPID: ${{ secrets.AZ_APPID }}
          AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
      - name: push-tarball
        run: |
          # tag the container image we created and push to DockerHub
          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
          tags=($tag)
          tags+=($([[ "$tag" =~ "alpha"|"rc" ]] && echo "latest" || echo "stable"))
          for tag in ${tags[@]}; do \
            docker tag katadocker/kata-deploy-ci:${{steps.build-and-push-kata-deploy-ci.outputs.PKG_SHA}} katadocker/kata-deploy:${tag} && \
            docker tag quay.io/kata-containers/kata-deploy-ci:${{steps.build-and-push-kata-deploy-ci.outputs.PKG_SHA}} quay.io/kata-containers/kata-deploy:${tag} && \
            docker push katadocker/kata-deploy:${tag} && \
            docker push quay.io/kata-containers/kata-deploy:${tag}; \
          done

  upload-static-tarball:
    needs: kata-deploy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: download-artifacts
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball
      - name: install hub
        run: |
          HUB_VER=$(curl -s "https://api.github.com/repos/github/hub/releases/latest" | jq -r .tag_name | sed 's/^v//')
          wget -q -O- https://github.com/github/hub/releases/download/v$HUB_VER/hub-linux-amd64-$HUB_VER.tgz | \
          tar xz --strip-components=2 --wildcards '*/bin/hub' && sudo mv hub /usr/local/bin/hub
      - name: push static tarball to github
        run: |
          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
          tarball="kata-static-$tag-x86_64.tar.xz"
          mv kata-static.tar.xz "$GITHUB_WORKSPACE/${tarball}"
          pushd $GITHUB_WORKSPACE
          echo "uploading asset '${tarball}' for tag: ${tag}"
          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
          popd

  upload-cargo-vendored-tarball:
    needs: upload-static-tarball
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: generate-and-upload-tarball
        run: |
          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
          tarball="kata-containers-$tag-vendor.tar.gz"
          pushd $GITHUB_WORKSPACE
          bash -c "tools/packaging/release/generate_vendor.sh ${tarball}"
          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
          popd

  upload-libseccomp-tarball:
    needs: upload-cargo-vendored-tarball
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: download-and-upload-tarball
        env:
          GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }}
          GOPATH: ${HOME}/go
        run: |
          pushd $GITHUB_WORKSPACE
          ./ci/install_yq.sh
          tag=$(echo $GITHUB_REF | cut -d/ -f3-)
          versions_yaml="versions.yaml"
          version=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.version")
          repo_url=$(${GOPATH}/bin/yq read ${versions_yaml} "externals.libseccomp.url")
          download_url="${repo_url}/releases/download/v${version}"
          tarball="libseccomp-${version}.tar.gz"
          asc="${tarball}.asc"
          curl -sSLO "${download_url}/${tarball}"
          curl -sSLO "${download_url}/${asc}"
          # "-m" option should be empty to re-use the existing release title
          # without opening a text editor.
          # For the details, check https://hub.github.com/hub-release.1.html.
          hub release edit -m "" -a "${tarball}" "${tag}"
          hub release edit -m "" -a "${asc}" "${tag}"
          popd