.github/workflows/images.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.

name: Create and publish a Docker images

on:
  push: {}

env:
  REGISTRY: ghcr.io
  IMAGE_BASE_NAME: ${{ github.repository_owner }}

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        app:
          - name: web_proxy
          - name: static_datastore_builder
          - name: public_node
    env:
      OUTPUTS_DIR: /tmp/outputs

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: |
            "${{ env.REGISTRY }}/${{ env.IMAGE_BASE_NAME }}/${{ matrix.app.name }}"
          tags: |
            type=ref,event=branch,prefix=branch-
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}

      - name: Build and push
        id: build_and_push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: build/docker/Dockerfile.${{ matrix.app.name }}
          platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/riscv64
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Prepare artifacts
        run: |
          mkdir -p  "$OUTPUTS_DIR"
          jq -c '{
            "${{ matrix.app.name }}": (
                "${{ env.REGISTRY }}/${{ env.IMAGE_BASE_NAME }}/${{ matrix.app.name }}@" + .["containerimage.digest"]
            )
          }' <<EOF >> "$OUTPUTS_DIR/image"
            ${{ steps.build_and_push.outputs.metadata }}
          EOF

      - name: Upload artifacts
        uses: actions/upload-artifact@v2
        with:
          name: image_${{ matrix.app.name }}
          path: ${{ env.OUTPUTS_DIR }}/image
  
  images:
    runs-on: ubuntu-latest
    needs: build-and-push-image
    env:
      OUTPUTS_DIR: /tmp/outputs
    outputs:
      images: ${{ steps.images.outputs.images }}

    steps:
      - uses: actions/download-artifact@v3
        with:
          path: /tmp/outputs
      - run: ls /tmp/outputs || true
      - run: cat /tmp/outputs/*/image || true
      - id: images
        run: echo "images=$( cat /tmp/outputs/*/image | jq -sc add )" >> "$GITHUB_OUTPUT"

  test-docker-images:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
    needs: images

    strategy:
      matrix:
        arch:
          - linux/amd64
          - linux/arm/v6
          - linux/arm/v7
          - linux/arm64
          - linux/riscv64

    env:
      IMG_STATIC_DATASTORE_BUILDER: ${{ fromJSON(needs.images.outputs.images).static_datastore_builder }}
      IMG_PUBLIC_NODE: ${{ fromJSON(needs.images.outputs.images).public_node }}
      IMG_WEB_PROXY: ${{ fromJSON(needs.images.outputs.images).web_proxy }}
      NETWORK_NAME: "cinode/${{ matrix.arch }}"

    steps:
      - name: Dump docker images info
        run: |
          jq . <<EOF
            ${{ needs.images.outputs.images }}
          EOF

      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Log in to the Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Compile simple dataset
        run: |
          mkdir /tmp/cinode

          docker run \
            --platform "${{ matrix.arch }}" \
            --rm \
            --interactive \
            --read-only \
            --volume "/tmp/cinode:/tmp" \
            --volume "$(pwd)/testvectors:/data:ro" \
            --user $(id -u ${USER}):$(id -g ${USER}) \
            "$IMG_STATIC_DATASTORE_BUILDER" \
            compile \
            --source /data \
            --destination /tmp/encrypted \
          > /tmp/cinode/compile_result.json

      - name: Create docker network
        run: |
          docker network create "$NETWORK_NAME"

      - name: Run public datastore node
        run: |
          docker run \
            --platform "${{ matrix.arch }}" \
            --detach \
            --read-only \
            --network "$NETWORK_NAME" \
            --volume "/tmp/cinode/encrypted:/data:ro" \
            --env CINODE_MAIN_DATASTORE=/data \
            --name datastore \
            "$IMG_PUBLIC_NODE"
      
      - name: Run web proxy
        run: |
          docker run \
            --platform "${{ matrix.arch }}" \
            --detach \
            --read-only \
            --network "$NETWORK_NAME" \
            --env CINODE_ENTRYPOINT="$( cat /tmp/cinode/compile_result.json | jq -r .entrypoint )" \
            --env CINODE_ADDITIONAL_DATASTORE_1="http://datastore:8080/" \
            --name web_proxy \
            "$IMG_WEB_PROXY"

      - name: Inspect docker environment
        run: docker ps

      - name: Check if can fetch files from cinode proxy
        run: |
          docker run \
            --rm \
            --interactive \
            --network "$NETWORK_NAME" \
            --read-only \
            --mount type=tmpfs,destination=/tmp \
            --volume "$(pwd)/testvectors:/data:ro" \
            --user $(id -u ${USER}):$(id -g ${USER}) \
            curlimages/curl \
            sh \
            -c '
              set -euo pipefail
              cd /data
              while read f; do
                FILE_HASH="$( cat "$f" | sha256sum )"
                WEB_HASH="$( curl -s "http://web_proxy:8080/${f}" | sha256sum )"
                echo "${FILE_HASH} ${f}"
                diff <( echo "$FILE_HASH" ) <( echo "$WEB_HASH" )
              done < <( find . -type f -print )
            '

      - name: Dump datastore logs
        if: always()
        run: docker logs datastore

      - name: Dump web_proxy logs
        if: always()
        run: docker logs web_proxy

      - name: Inspect docker environment
        if: always()
        run: docker ps