name: Build Linux package (REUSABLE)

on:
  workflow_call:
    inputs:
      RELEASE:
        required: true
        type: string
      LINUX:
        required: true
        type: string
      PACKAGE:
        required: true
        type: string
      PLATFORMS:
        required: true
        type: string
      TEST:
        required: false
        type: boolean
        default: false
    secrets:
      DOCKER_USERNAME:
        required: true
      DOCKER_TOKEN:
        required: true
      ARM_SSH_KEY:
        required: false
      ARM_SSH_IP:
        required: false
      ARM_SSH_CONFIG:
        required: false

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Prepare
      - name: Checkout source code
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Replace VERSION
        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
        run: ./misc/update-version.sh ${{ inputs.RELEASE }}
      - name: Extract arch
        run: |
          echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
        env:
          PLATFORMS: ${{ inputs.PLATFORMS }}
      - name: Extract linux arch
        if: inputs.PACKAGE == 'rpm'
        run: |
          echo "LARCH=${{ env.ARCH }}" | sed 's/amd64/x86_64/g' | sed 's/arm64/aarch64/g' >> "$GITHUB_ENV"
        env:
          ARCH: ${{ env.ARCH }}
      - name: Extract linux arch
        if: inputs.PACKAGE == 'deb'
        run: |
          echo "LARCH=${{ env.ARCH }}" >> "$GITHUB_ENV"
        env:
          ARCH: ${{ env.ARCH }}
      - name: Setup SSH for ARM node
        if: startsWith(env.ARCH, 'arm') == true
        run: |
          mkdir -p ~/.ssh
          echo "$SSH_KEY" > ~/.ssh/id_rsa_arm
          chmod 600 ~/.ssh/id_rsa_arm
          echo "$SSH_CONFIG" | sed "s/SSH_IP/$SSH_IP/g" > ~/.ssh/config
        env:
          SSH_KEY: ${{ secrets.ARM_SSH_KEY }}
          SSH_IP: ${{ secrets.ARM_SSH_IP }}
          SSH_CONFIG: ${{ secrets.ARM_SSH_CONFIG }}
      - name: Setup Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
        if: startsWith(env.ARCH, 'arm') == false
      - name: Setup Buildx (ARM)
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
        if: startsWith(env.ARCH, 'arm') == true
        with:
          endpoint: ssh://root@arm
          platforms: linux/arm64,linux/arm/v7,linux/arm/v6
      - name: Login to Docker Hub
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}
      - name: Login to ghcr
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Build testing package image
      - name: Build package image
        if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev' || inputs.RELEASE == 'ui'
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          load: true
          file: src/linux/Dockerfile-${{ inputs.LINUX }}
          platforms: ${{ inputs.PLATFORMS }}
          tags: local/bunkerweb-${{ inputs.LINUX }}:latest
          cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}
          cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }},mode=min
      # Build non-testing package image
      - name: Build package image
        if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          load: true
          file: src/linux/Dockerfile-${{ inputs.LINUX }}
          platforms: ${{ inputs.PLATFORMS }}
          tags: local/bunkerweb-${{ inputs.LINUX }}:latest
      # Generate package
      - name: Generate package
        if: startsWith(env.ARCH, 'arm') == false
        run: ./src/linux/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }}
        env:
          LARCH: ${{ env.LARCH }}
      - name: Generate package (ARM)
        if: startsWith(env.ARCH, 'arm') == true
        run: |
          docker save local/bunkerweb-${{ inputs.LINUX }}:latest | ssh -C root@arm docker load
          scp ./src/linux/package.sh root@arm:/opt
          ssh root@arm chmod +x /opt/package.sh
          ssh root@arm /opt/package.sh ${{ inputs.LINUX }} ${{ env.LARCH }} "$(cat src/VERSION | tr -d '\n')"
          scp -r root@arm:/root/package-${{ inputs.LINUX }} ./package-${{ inputs.LINUX }}
        env:
          LARCH: ${{ env.LARCH }}
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
        with:
          name: package-${{ inputs.LINUX }}-${{ env.LARCH }}
          path: package-${{ inputs.LINUX }}/*.${{ inputs.PACKAGE }}
      # Build test image
      - name: Extract metadata
        if: inputs.TEST == true
        id: meta
        uses: docker/metadata-action@e6428a5c4e294a61438ed7f43155db912025b6b3 # v5.2.0
        with:
          images: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
      - name: Build test image
        if: inputs.TEST == true
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          context: .
          file: tests/linux/Dockerfile-${{ inputs.LINUX }}
          platforms: ${{ inputs.PLATFORMS }}
          push: true
          tags: ghcr.io/bunkerity/${{ inputs.LINUX }}-tests:${{ inputs.RELEASE }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests
          cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}-tests,mode=min