name: build

on:
  workflow_call:
    inputs:
      projects:
        required: true
        type: string
      platform:
        required: true
        type: string
      new-version:
        type: boolean
        required: false
        default: false

jobs:
  get-platform:
    runs-on: ubuntu-latest
    outputs:
      os: ${{ steps.platform.outputs.os }}
      build-os: ${{ steps.platform.outputs.build-os }}
      container: ${{ steps.platform.outputs.container }}
      test-matrix: ${{ steps.platform.outputs.test-matrix }}
    steps:
      - uses: actions/checkout@v3
        with:
          repository: teaxyz/pantry.core
      - uses: teaxyz/setup@v0
      - run: scripts/get-platform.ts ${{ inputs.projects }}
        id: platform
        env:
          PLATFORM: ${{ inputs.platform }}
          TEA_PANTRY_PATH: ${{ github.workspace }}

  build:
    runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }}
    container: ${{ fromJson(needs.get-platform.outputs.container) }}
    needs: [get-platform]
    steps:
      - uses: actions/checkout@v3

      - uses: teaxyz/setup@v0
        id: tea
        with:
          prefix: /opt

      - name: sanitize macOS runners
        if: matrix.platform.os == 'macos-11'
        run: sudo mv /usr/local/bin/* /tmp/

      - name: configure tea env
        run: |
          echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
          echo "TEA_PANTRY_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV

      - run: sort.ts ${{ inputs.projects }}
        id: sorted

      - run: build.ts ${{ steps.sorted.outputs.pkgs }}
        id: build
        env:
          GITHUB_TOKEN: ${{ github.token }}
          FORCE_UNSAFE_CONFIGURE: 1  # some configure scripts refuse to run as root

      - name: delete `.la` files
        run: find . -name '*.la' -delete
        working-directory: ${{ steps.tea.outputs.prefix }}

      # cache data we'll need in the bottling job
      - name: assemble artifact metadata
        run: |
          echo ${{ steps.build.outputs.pkgs }} >built
          echo ${{ steps.build.outputs.relative-paths }} >relative-paths
          echo ${{ steps.build.outputs.srcs }} >srcs
        working-directory: ${{ steps.tea.outputs.prefix }}

      # tarring ourselves ∵ GHA-artifacts (ludicrously) lose permissions
      # /ref https://github.com/actions/upload-artifact/issues/38
      - name: create artifacts.tgz
        run:
          tar czf $GITHUB_WORKSPACE/artifacts.tgz
            ${{ steps.build.outputs.relative-paths }}
            ${{ steps.build.outputs.srcs-relative-paths }}
            built relative-paths srcs
        working-directory: ${{ steps.tea.outputs.prefix }}

      - name: upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ inputs.platform }}
          path: artifacts.tgz
          if-no-files-found: error

  test:
    needs: [get-platform, build]
    runs-on: ${{ matrix.platform.os }}
    strategy:
      matrix:
        platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }}
    outputs:
      HAS_SECRETS: ${{ env.HAS_SECRETS }}
    container: ${{ matrix.platform.container }}
    steps:
      - uses: actions/checkout@v3
      - uses: teaxyz/setup@v0

      - name: configure scripts PATH
        run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH

      - uses: actions/download-artifact@v3
        with:
          name: ${{ inputs.platform }}

      - name: extract bottles
        run: tar xzf artifacts.tgz -C $TEA_PREFIX

      - run: test.ts ${{ inputs.projects }}
        env:
          TEA_PANTRY_PATH: ${{ github.workspace }}

      - name: post
        run:
          echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV
        env:
          HAS_SECRETS: ${{ secrets.AWS_S3_CACHE != null }}

  stage:
    needs: [test]
    # this only works for PRs from our team to our repo (security! :( )
    if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: teaxyz/setup@v0

      - name: configure scripts PATH
        run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH

      - uses: actions/download-artifact@v3
        with:
          name: ${{ inputs.platform }}

      - run: cache-artifacts.ts
          ${{github.repository}}
          ${{github.ref}}
          ${{inputs.platform}}
          artifacts.tgz
        env:
          AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  complain:
    if: failure() && inputs.new-version == 'true'
    needs: [test]
    runs-on: ubuntu-latest
    steps:
      - uses: martialonline/workflow-status@v3
        id: status
      - uses: rtCamp/action-slack-notify@v2
        if: ${{ env.SLACK_WEBHOOK != '' }}
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
          SLACK_MESSAGE: new-version:${{ inputs.projects }} (${{ inputs.platform }}) ${{ steps.status.outputs.status }}
          SLACK_COLOR: ${{ steps.status.outputs.status }}
      - uses: actions/checkout@v3
        if: ${{ steps.status.outputs.status == 'failure' }}
      - uses: JasonEtco/create-an-issue@v2
        if: ${{ steps.status.outputs.status == 'failure' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PACKAGE: ${{ inputs.projects }} (${{ inputs.platform }})
          URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}