build-verify.yml
name: build-verify-package

# Triggers: every push and every pull request, skipped only when all changed
# paths match the ignore list of that event.
on:
  push:
    paths-ignore:
      # '.github/**' is deliberately left out here, so pushes that only touch
      # workflow files still run this pipeline.
      # - '.github/**'
      - '.gitignore'
      - 'ADOPTERS*'
      - 'LICENSE'
      - '*.md'
  pull_request:
    paths-ignore:
      - '.github/**'
      - '.gitignore'
      - 'ADOPTERS*'
      - 'LICENSE'
      - '*.md'

# Token scopes granted to every job in this workflow.
permissions:
  contents: read
  # needed for signing the images with GitHub OIDC Token
  id-token: write
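jobs:
  # Single job: build with Maven, run the operator e2e tests on Kind, then (main
  # branch and tags only) build, push and sign the JVM and native images.
  build-verify-package:
    runs-on: ubuntu-latest
    environment: Build
    steps:
      # NOTE(review): every `uses:` below references a mutable tag. Pinning each
      # action to a full commit SHA would stop a retagged release from changing
      # what runs in a job that holds registry credentials and an OIDC token.
      - name: Get current date
        id: date
        # -u keeps the trailing 'Z' (UTC designator) correct whatever the
        # runner's timezone is.
        run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"

      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up JDK 17 for x64
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          architecture: x64
          cache: maven

      - name: Build Java components
        run: mvn -B clean install

      # - name: Verify Javadoc completion
      #   run: mvn -B javadoc:javadoc

      - name: Package container image for operator e2e tests
        # NOTE(review): no `if:` guard, so this also runs for pull_request
        # events. Secrets are not passed to runs triggered from forks, so the
        # login is expected to fail there - confirm that is intended.
        # NOTE(review): every run pushes the same mutable `e2e-tests` tag;
        # presumably the kuttl tests pull it, in which case concurrent runs can
        # test each other's image - verify against tests/kuttl-test.yaml.
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
        run: |
          cd "$GITHUB_WORKSPACE/operator"
          docker build -f src/main/docker/Dockerfile.jvm -t quay.io/microcks/microcks-operator:e2e-tests .
          # Credentials are read from the step environment instead of being
          # templated into the script text, so shell metacharacters in a secret
          # cannot alter the command line.
          printf '%s' "$QUAY_PASSWORD" | docker login -u "$QUAY_USERNAME" --password-stdin quay.io
          docker push quay.io/microcks/microcks-operator:e2e-tests

      - name: Install kubectl and Kind Cluster
        # NOTE(review): the binaries fetched here and in the kuttl step are
        # installed as root-owned executables without checksum or signature
        # verification, and kubectl is unpinned (whatever stable.txt names at
        # run time). Consider pinning the version and checking each download
        # against the checksum published with its release.
        run: |
          set -x
          # One command per line: inside an `a && b && c` list, `bash -e` does
          # not stop on a failing non-final command, so a failed download would
          # go unnoticed. -f makes curl fail on an HTTP error instead of saving
          # the error page as the binary.
          KUBECTL_VERSION="$(curl -fsS https://storage.googleapis.com/kubernetes-release/release/stable.txt)"
          curl -fLO "https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          sudo install -m 0755 ./kubectl /usr/local/bin/kubectl
          curl -fLo ./kind https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-amd64
          sudo install -m 0755 ./kind /usr/local/bin/kind

      - name: Run e2e tests on operator using Kuttl.dev
        run: |
          set -x
          curl -fLo ./kuttl https://github.com/kudobuilder/kuttl/releases/download/v0.19.0/kubectl-kuttl_0.19.0_linux_x86_64
          sudo install -m 0755 ./kuttl /usr/local/bin/kubectl-kuttl
          kubectl kuttl test --config=./tests/kuttl-test.yaml

      - name: Set environment for branch
        # Publishes PACKAGE_IMAGE / IMAGE_TAG to later steps: `nightly` for
        # main, the tag name for tag refs, and no packaging for anything else.
        run: |
          set -x
          if [[ $GITHUB_REF == 'refs/heads/main' ]]; then
            echo "IMAGE_TAG=nightly" >> "$GITHUB_ENV"
            echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
          elif [[ $GITHUB_REF == "refs/tags/$GITHUB_REF_NAME" ]]; then
            echo "IMAGE_TAG=$GITHUB_REF_NAME" >> "$GITHUB_ENV"
            echo "PACKAGE_IMAGE=true" >> "$GITHUB_ENV"
          else
            echo "PACKAGE_IMAGE=false" >> "$GITHUB_ENV"
          fi

      - name: Install Cosign
        # Only needed by the signing steps, which run under the same condition.
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: sigstore/cosign-installer@v3.7.0

      - name: Set up QEMU
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/setup-buildx-action@v3

      - name: Login to Quay.io and Docker Hub registries and setup multi-arch builder
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        env:
          QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
          QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          # Secrets are passed through the environment, never expanded into the
          # script body.
          printf '%s' "$QUAY_PASSWORD" | docker login -u "$QUAY_USERNAME" --password-stdin quay.io
          printf '%s' "$DOCKERHUB_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin docker.io
          BUILDER=buildx-multi-arch
          docker buildx inspect "$BUILDER" || docker buildx create --name="$BUILDER" --driver=docker-container --driver-opt=network=host

      - name: Build and push JVM container image for operator
        id: build-and-push
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/build-push-action@v6.12.0
        with:
          context: ${{github.workspace}}/operator
          sbom: true
          push: true
          provenance: mode=max
          platforms: linux/amd64,linux/arm64
          builder: buildx-multi-arch
          file: operator/src/main/docker/Dockerfile.jvm
          # `with:` values are not run through a shell, so a shell-style
          # ${GITHUB_SHA} would be recorded literally; the expression context
          # yields the actual commit for the revision label.
          labels: |
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.created=${{ steps.date.outputs.date }}
          tags: quay.io/microcks/microcks-operator:${{env.IMAGE_TAG}},docker.io/microcks/microcks-operator:${{env.IMAGE_TAG}}

      - name: Sign the images with GitHub OIDC Token
        # Same guard as the build step: without it this step runs with an empty
        # DIGEST and IMAGE_TAG whenever the image was not built.
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        env:
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          TAGS: quay.io/microcks/microcks-operator:${{env.IMAGE_TAG}} docker.io/microcks/microcks-operator:${{env.IMAGE_TAG}}
          COSIGN_EXPERIMENTAL: "true"
        run: |
          # Sign tag@digest references so each signature is bound to the exact
          # content pushed by the build step, not to a tag that can move.
          images=""
          for tag in ${TAGS}; do
            images+="${tag}@${DIGEST} "
          done
          # ${images} is left unquoted on purpose: one argument per reference.
          cosign sign --yes ${images}

      - name: Compile application in native mode
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        run: |
          cd "$GITHUB_WORKSPACE/operator"
          mvn -B package -Pnative -Dquarkus.native.container-build=true

      - name: Build and push native container image for operator
        id: build-and-push-native
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        uses: docker/build-push-action@v6.12.0
        with:
          context: ${{github.workspace}}/operator
          sbom: true
          push: true
          provenance: mode=max
          platforms: linux/amd64,linux/arm64
          builder: buildx-multi-arch
          file: operator/src/main/docker/Dockerfile.native
          # Expression context, not ${GITHUB_SHA}: action inputs are not
          # shell-expanded.
          labels: |
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.created=${{ steps.date.outputs.date }}
          tags: quay.io/microcks/microcks-operator:${{env.IMAGE_TAG}}-native,docker.io/microcks/microcks-operator:${{env.IMAGE_TAG}}-native

      - name: Sign the native images with GitHub OIDC Token
        # Guarded like the native build step it takes its digest from.
        if: github.repository_owner == 'microcks' && env.PACKAGE_IMAGE == 'true'
        env:
          DIGEST: ${{ steps.build-and-push-native.outputs.digest }}
          TAGS: quay.io/microcks/microcks-operator:${{env.IMAGE_TAG}}-native docker.io/microcks/microcks-operator:${{env.IMAGE_TAG}}-native
          COSIGN_EXPERIMENTAL: "true"
        run: |
          # Sign by digest; see the JVM signing step for the rationale.
          images=""
          for tag in ${TAGS}; do
            images+="${tag}@${DIGEST} "
          done
          # Unquoted on purpose: one argument per reference.
          cosign sign --yes ${images}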