.github/workflows/build.yml

name: Build, test and publish

on:
  push:
    branches: '**'
  release:
    types: [created]
  schedule:
    # Daily 5am australian/brisbane time (7pm UTC)
    - cron: '0 19 * * *'
  workflow_dispatch:

jobs:
  build:
    name: Build and unit test code
    runs-on: windows-latest
    # conditionally skip build on PR merge of release-please, because the release creation is going to trigger the real build
    if: ${{ github.ref_name != github.event.repository.default_branch || github.event.head_commit.author.username != 'team-integrations-fnm-bot' }}
    outputs:
      version: ${{ steps.nuke-build.outputs.version }}
    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
    - name: Setup .NET
      uses: actions/setup-dotnet@v2
      with:
        dotnet-version: 6.0.x
    - name: Run Nuke Build 🏗
      id: nuke-build
      env:
        DOTNET_CLI_TELEMETRY_OPTOUT: true
        DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
        OCTOVERSION_CurrentBranch: ${{ (github.event_name == 'schedule' && 'nightly') || github.head_ref || github.ref }} # For pull_request events we override the /refs/pull/xx/merge branch to the PR's head branch
        RunNumber: ${{ github.run_number }}
        AzureKeyVaultUrl: ${{ secrets.AZURE_KEYVAULT_URL }}
        AzureKeyVaultAppId: ${{ secrets.AZURE_KEYVAULT_CLIENT_ID }}
        AzureKeyVaultTenantId: ${{ secrets.AZURE_KEYVAULT_TENANT_ID }}
        AzureKeyVaultAppSecret: ${{ secrets.AZURE_KEYVAULT_CLIENT_SECRET }}
        AzureKeyVaultCertificateName: ${{ secrets.AZURE_KEYVAULT_CERTIFICATE_NAME }}
      run: |
        ./build.cmd
    - uses: actions/upload-artifact@v3
      with:
        name: artifacts
        path: artifacts/

  docker-build:
    name: Create and test Docker image
    needs: build
    runs-on: ubuntu-latest
    env:
      VERSION: ${{ needs.build.outputs.version }}
    steps:
    - uses: actions/checkout@v3
    - uses: actions/download-artifact@v3
      with:
        name: artifacts
        path: artifacts
    - name: Build Docker image
      id: build-docker-image
      run: |
        PLATFORM="alpine"
        TAG="octopusdeploy/octo-prerelease:${VERSION}-${PLATFORM}"
        LATEST="octopusdeploy/octo-prerelease:latest-${PLATFORM}"

        echo "DOCKER_IMAGE_TAG=${TAG}" >> $GITHUB_OUTPUT
        
        docker build \
          --build-arg OCTO_TOOLS_VERSION=${VERSION} \
          --file "${{ github.workspace }}/Dockerfiles/${PLATFORM}/Dockerfile" \
          --tag ${TAG} \
          --tag ${LATEST} \
          ${{ github.workspace }}/artifacts

    - name: Test Docker image
      run: |
        OCTO_RESPONSE="$(docker run --rm ${{ steps.build-docker-image.outputs.DOCKER_IMAGE_TAG }} version)"

        if [[ "$OCTO_RESPONSE" == "$VERSION" ]]
        then
          echo "Image successfully created - running 'docker run --rm ${DOCKER_IMAGE_TAG} version' returned ${OCTO_RESPONSE}"
        else
          echo "Built image did not return expected version ${VERSION} - it returned ${OCTO_RESPONSE}" >&2 && exit 1
        fi

    - name: Package Docker image
      run: |
        tarFile="Octo.Docker.Image.$VERSION.tar"
        gzipFile="${tarFile}.gz"

        docker save \
          --output "${{ github.workspace }}/artifacts/${tarFile}" \
          octopusdeploy/octo-prerelease
        
        gzip -c "${{ github.workspace }}/artifacts/${tarFile}" > "${{ github.workspace }}/artifacts/${gzipFile}"

        rm "${{ github.workspace }}/artifacts/${tarFile}"

    - uses: actions/upload-artifact@v3
      with:
        name: docker-image
        path: artifacts/Octo.Docker.Image.*.tar.gz

  linux-distro-packages-build:
    name: Create Linux distro packages
    needs: build
    runs-on: ubuntu-latest
    env:
      VERSION: ${{ needs.build.outputs.version }}
    steps:
    - uses: actions/checkout@v3
    - uses: actions/checkout@v3
      with:
        repository: OctopusDeploy/linux-package-feeds
        token: ${{ secrets.RENOVATE_GITHUB_TOKEN }}
        path: linux-package-feeds-repo
    - run: |
        ln -s linux-package-feeds-repo/source linux-package-feeds
    - uses: actions/download-artifact@v3
      with:
        name: artifacts
        path: artifacts
    - name: Extract linux-x64 package
      run: |
        mkdir -p artifacts/OctopusTools.$VERSION.linux-x64.extracted
        tar -xf artifacts/OctopusTools.$VERSION.linux-x64.tar.gz -C artifacts/OctopusTools.$VERSION.linux-x64.extracted
    - name: Build the distro images
      env:
        SIGN_PRIVATE_KEY: ${{ secrets.SIGN_LINUX_DISTRO_PRIVATE_KEY }}
        SIGN_PASSPHRASE: ${{ secrets.SIGN_LINUX_DISTRO_PASSPHRASE }}
      run: |
        docker run --env VERSION=$VERSION --env BINARIES_PATH=/artifacts/OctopusTools.$VERSION.linux-x64.extracted/ \
        --env PACKAGES_PATH=/artifacts --env SIGN_PRIVATE_KEY  --env SIGN_PASSPHRASE \
        --volume ${{ github.workspace }}/BuildAssets:/BuildAssets \
        --volume ${{ github.workspace }}/linux-package-feeds:/opt/linux-package-feeds \
        --volume ${{ github.workspace }}/artifacts:/artifacts \
        --rm --tty \
        octopusdeploy/package-linux-docker:latest \
        bash -c /BuildAssets/create-octopuscli-linux-packages.sh
    - name: Re-compress result
      run: |
        rm -rf ${{ github.workspace }}/artifacts/OctopusTools.$VERSION.linux-x64.extracted
        mkdir -p ${{ github.workspace }}/artifacts/linuxpackages
        mv ${{ github.workspace }}/artifacts/*.deb ${{ github.workspace }}/artifacts/linuxpackages
        mv ${{ github.workspace }}/artifacts/*.rpm ${{ github.workspace }}/artifacts/linuxpackages
        cp ${{ github.workspace }}/linux-package-feeds/publish-apt.sh \
          ${{ github.workspace }}/linux-package-feeds/publish-rpm.sh \
          ${{ github.workspace }}/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh \
          ${{ github.workspace }}/BuildAssets/repos/test-linux-package-from-feed.sh \
          ${{ github.workspace }}/BuildAssets/test-linux-package.sh \
          ${{ github.workspace }}/linux-package-feeds/install-linux-package.sh \
          ${{ github.workspace }}/linux-package-feeds/install-linux-feed-package.sh \
          ${{ github.workspace }}/artifacts/linuxpackages
        zip -rj ${{ github.workspace }}/artifacts/OctopusTools.Packages.linux-x64.$VERSION.zip ${{ github.workspace }}/artifacts/linuxpackages
        rm -rf ${{ github.workspace }}/artifacts/linuxpackages
    - uses: actions/upload-artifact@v3
      with:
        name: packages-linux
        path: artifacts/OctopusTools.Packages.linux-x64.${{ needs.build.outputs.version }}.zip

  linux-distro-packages-test:
    name: Test Linux distro packages
    needs: [build, linux-distro-packages-build, docker-build]
    runs-on: ubuntu-latest
    env:
      VERSION: ${{ needs.build.outputs.version }}
    strategy:
      matrix:
        distro: [
          'debian:stable-slim',
          'debian:oldstable-slim',
          'ubuntu:latest',
          'ubuntu:focal',
          'ubuntu:bionic',
          'ubuntu:xenial',
          'ubuntu:trusty',
          'fedora:32',
          'linuxmintd/mint19.3-amd64',
          'roboxes/rhel8',
          'roboxes/rhel7'
        ]
    steps:
    - uses: actions/download-artifact@v3
      with:
        name: packages-linux
        path: artifacts
    - name: Extract package
      run: unzip ${{ github.workspace }}/artifacts/OctopusTools.Packages.linux-x64.$VERSION.zip -d ${{ github.workspace }}/artifacts/OctopusTools.Packages
    - name: Test the distro image
      env:
        OCTOPUS_CLI_SERVER: ${{ secrets.OCTOPUS_URL }}
        OCTOPUS_CLI_API_KEY: ${{ secrets.OCTOPUS_API_KEY }}
        REDHAT_SUBSCRIPTION_USERNAME: ${{ secrets.REDHAT_SUBSCRIPTION_USERNAME }}
        REDHAT_SUBSCRIPTION_PASSWORD: ${{ secrets.REDHAT_SUBSCRIPTION_PASSWORD }}
      run: |
        docker run --env OCTOPUS_SPACE=Integrations --env "OCTOPUS_EXPECT_ENV=Components - Internal" --env PKG_PATH_PREFIX=octopuscli \
        --env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD --env OCTOPUS_CLI_SERVER  --env OCTOPUS_CLI_API_KEY \
        --volume ${{ github.workspace }}/artifacts/OctopusTools.Packages:/working \
        --rm --tty \
        ${{ matrix.distro }} \
        bash -c "cd /working && bash ./test-linux-package.sh"

  publish:
    name: Publish the packages
    needs: [build, docker-build, linux-distro-packages-test]
    runs-on: ubuntu-latest
    env:
      OCTOPUS_URL: ${{ secrets.OCTOPUS_URL }}
      OCTOPUS_API_KEY: ${{ secrets.OCTOPUS_API_KEY }}
      VERSION: ${{ needs.build.outputs.version }}
      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
    - uses: actions/checkout@v3

    - uses: actions/download-artifact@v3
      with:
        name: artifacts
        path: artifacts
    - uses: actions/download-artifact@v3
      with:
        name: packages-linux
        path: artifacts
    - uses: actions/download-artifact@v3
      with:
        name: docker-image
        path: artifacts

    - name: Generate sha256 checksums
      if: github.event_name == 'release'
      run: |
        releaseVersion=${{ needs.build.outputs.version }}
        for filePath in $(find artifacts/* -name "OctopusTools.${releaseVersion}.*.tar.gz" -or -name "OctopusTools.${releaseVersion}.*.zip")
        do
          fileName="$(basename -- $filePath)"
          newSha=$(sha256sum "$filePath" | awk '{ print $1 }')
          echo "$newSha $fileName" >> artifacts/OctopusTools.${releaseVersion}.SHA256SUMS
        done

    - name: Upload binaries and checksum file to release
      if: github.event_name == 'release'
      run: |
        releaseVersion=${{ needs.build.outputs.version }}
        args=("v$releaseVersion")
        for filePath in $(find artifacts/* -name "OctopusTools.${releaseVersion}.*.tar.gz" -or -name "OctopusTools.${releaseVersion}.*.zip" -or -name '*.SHA256SUMS')
        do 
          args+=($filePath)
        done
        gh release upload ${args[@]}

    - name: Compress packages
      id: compress-packages
      run: |
        cd artifacts
        tar -xf OctopusTools.$VERSION.linux-x64.tar.gz
        zip OctopusTools.Zips.$VERSION.zip *.zip *.tar.gz

    - name: Push a package to Octopus Deploy 🐙
      uses: OctopusDeploy/push-package-action@v3
      with:
        space: Integrations
        packages: |
          artifacts/Octopus.DotNet.Cli.${{ needs.build.outputs.version }}.nupkg
          artifacts/OctopusTools.${{ needs.build.outputs.version }}.nupkg
          artifacts/Octo.Docker.Image.${{ needs.build.outputs.version }}.tar.gz
          artifacts/OctopusTools.Packages.linux-x64.${{ needs.build.outputs.version }}.zip
          artifacts/OctopusTools.Zips.${{ needs.build.outputs.version }}.zip

    - name: Fetch Release Notes
      id: fetch-release-notes
      if: github.event_name == 'release'
      run: |
        echo "::debug::${{github.event_name}}"
        OUTPUT_FILE="release_notes.txt"
        jq --raw-output '.release.body' ${{ github.event_path }} | sed 's#\r#  #g' > $OUTPUT_FILE
        echo "release-note-file=$OUTPUT_FILE" >> $GITHUB_OUTPUT

    - name: Create a release in Octopus Deploy 🐙
      uses: OctopusDeploy/create-release-action@v3
      with:
        space: Integrations
        project: 'Octopus CLI'
        package_version: ${{ needs.build.outputs.version }}
        packages: '*:NuGet.CommandLine:4.4.1'
        release_notes_file: ${{ (github.event_name == 'release' && steps.fetch-release-notes.outputs.release-note-file) || ''}}
        git_ref: ${{ (github.ref_type == 'tag' && github.event.repository.default_branch ) || (github.head_ref || github.ref) }}
        git_commit: ${{ github.event.after || github.event.pull_request.head.sha }}