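---
# GitHub Actions workflow: start a privileged builder container on a
# self-hosted runner, fetch the build scripts into it, build a Rocky-based
# bootc image and push it to the configured container registry.
name: build and push bootc image

on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
  workflow_dispatch:

# Workflow-level `env` may only reference the `github`, `vars`, `secrets` and
# `inputs` contexts (not `env.*`), so values that depended on other entries of
# this map are spelled out from those contexts here, and the two disk paths
# are composed in the setup step's shell instead.
env:
  VM_DISK_OUTPUT_DIR: "/rockyDisks"
  SECURE_FILES_DOWNLOAD_PATH: "/secureFiles"
  REPO_DIR: "/base-image-build"
  VM_DISK_FILE_TO_DOWNLOAD: "Rocky-9-GenericCloud-Base-9.4-20240609.0.x86_64.qcow2"
  ROCKY_VERSION: "9.4"
  CI_COMMIT_SHA: "${{ github.sha }}"
  CONTAINER_REGISTRY_DOMAIN: "${{ vars.CONTAINER_REGISTRY_DOMAIN }}"
  CONTAINER_REGISTRY_ORG: "${{ vars.CONTAINER_REGISTRY_ORG }}"
  CONTAINER_REGISTRY_WITH_ORG: "${{ vars.CONTAINER_REGISTRY_DOMAIN }}/${{ vars.CONTAINER_REGISTRY_ORG }}"
  CONTAINER_REGISTRY_RW_USER: "${{ vars.CONTAINER_REGISTRY_RW_USER }}"
  CONTAINER_REGISTRY_RW_PASS: "${{ secrets.CONTAINER_REGISTRY_RW_PASS }}"
  BUILDER_PRIVATE_KEY: "${{ secrets.BUILDER_PRIVATE_KEY }}"
  BUILDER_PUBLIC_KEY: "${{ secrets.BUILDER_PUBLIC_KEY }}"
  BUILDER_CONTAINER_NAME: "bootc-builder"
  OUTPUT_BOOTC_IMAGE_NAME: "${{ vars.OUTPUT_BOOTC_IMAGE_NAME }}:${{ github.sha }}"
  OUTPUT_BOOTC_IMAGE_NAME_LATEST: "${{ vars.OUTPUT_BOOTC_IMAGE_NAME }}:latest"

jobs:
  build:
    runs-on: bootc-runner
    container:
      image: docker:27.0.3
    services:
      docker:
        image: docker:27.0.3-dind
    steps:
      # A previous run on this self-hosted runner may have left the builder
      # container behind; the same name is reused below.
      - name: Stop the dangling builder container
        if: always()
        run: docker rm -f "$BUILDER_CONTAINER_NAME" || true

      - name: Setup the build environment
        run: |
          # Derived paths; see the note on the workflow-level `env` map.
          export BASE_DISK_FILEPATH="$VM_DISK_OUTPUT_DIR/$VM_DISK_FILE_TO_DOWNLOAD"
          export OUTPUT_FILE_PATH="$BASE_DISK_FILEPATH-$CI_COMMIT_SHA"
          # Flatten the PEM keys to a single line with literal "\n" so they
          # survive `--env-file`, which has no multi-line value syntax.
          export BUILDER_PRIVATE_KEY=$(echo -ne "$BUILDER_PRIVATE_KEY" | awk '{printf "%s\\n", $0}')
          export BUILDER_PUBLIC_KEY=$(echo -ne "$BUILDER_PUBLIC_KEY" | awk '{printf "%s\\n", $0}')
          # .env carries the registry credentials and the builder private key
          # onto the runner's disk: create it owner-only and remove it as soon
          # as the container is up (docker reads --env-file client-side), also
          # on failure via the EXIT trap.
          # TODO(review): replace `printenv` with an explicit allowlist of the
          # variables above once the builder scripts' inputs are confirmed;
          # printenv also forwards runner-internal variables into the container.
          trap 'rm -f .env' EXIT
          umask 077
          printenv > .env
          # NOTE(review): the builder image is unpinned (implicit :latest) and
          # runs --privileged with the secrets above; pin a tag or digest.
          docker run -d --name "$BUILDER_CONTAINER_NAME" --privileged \
            --env-file .env \
            docker.io/monolithify/gitlab-runner-image
          rm -f .env
          # NOTE(review): this clones the repository's default branch at run
          # time; pin a ref (tag or commit) so the privileged build executes
          # reviewed code.
          docker exec "$BUILDER_CONTAINER_NAME" git clone https://gitlab.com/monolithify/base-image-build.git "$REPO_DIR"
          docker exec "$BUILDER_CONTAINER_NAME" chmod -R +x "$REPO_DIR/scripts"
          docker exec "$BUILDER_CONTAINER_NAME" mkdir -p "$VM_DISK_OUTPUT_DIR"

      - name: Setup builder VM
        run: docker exec "$BUILDER_CONTAINER_NAME" "$REPO_DIR/scripts/setupBuilder/main.sh"

      - name: Build-Push the bootc container image
        run: docker exec "$BUILDER_CONTAINER_NAME" "$REPO_DIR/scripts/buildPushBootcContainerImage/main.sh"

      - name: Stop the dangling builder container
        if: always()
        run: docker rm -f "$BUILDER_CONTAINER_NAME" || true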