---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

name: execution environment
on:
  # Run CI against all pushes (direct commits, also merged PRs), Pull Requests
  push:
    branches:
      - main
      - stable-*
  pull_request:
  # Run CI once per day (at 04:30 UTC)
  # This ensures that even if there haven't been commits that we are still testing against latest version of ansible-builder
  schedule:
    - cron: '30 4 * * *'

env:
  NAMESPACE: community
  COLLECTION_NAME: docker

jobs:
  build:
    name: Build and test EE (${{ matrix.name }})
    strategy:
      fail-fast: false
      matrix:
        name:
          - ''
        ansible_core:
          - ''
        ansible_runner:
          - ''
        base_image:
          - ''
        pre_base:
          - ''
        extra_vars:
          - ''
        other_deps:
          - ''
        exclude:
          - ansible_core: ''
        include:
          - name: ansible-core devel @ RHEL UBI 9
            ansible_core: https://github.com/ansible/ansible/archive/devel.tar.gz
            ansible_runner: ansible-runner
            other_deps: |2
                python_interpreter:
                  package_system: python3.11 python3.11-pip python3.11-wheel python3.11-cryptography
                  python_path: "/usr/bin/python3.11"
            base_image: docker.io/redhat/ubi9:latest
            pre_base: '"#"'
          - name: ansible-core 2.15 @ Rocky Linux 9
            ansible_core: https://github.com/ansible/ansible/archive/stable-2.15.tar.gz
            ansible_runner: ansible-runner
            base_image: quay.io/rockylinux/rockylinux:9
            pre_base: '"#"'
          - name: ansible-core 2.14 @ CentOS Stream 9
            ansible_core: https://github.com/ansible/ansible/archive/stable-2.14.tar.gz
            ansible_runner: ansible-runner
            base_image: quay.io/centos/centos:stream9
            pre_base: '"#"'
          - name: ansible-core 2.13 @ RHEL UBI 8
            ansible_core: https://github.com/ansible/ansible/archive/stable-2.13.tar.gz
            ansible_runner: ansible-runner
            other_deps: |2
                python_interpreter:
                  package_system: python39 python39-pip python39-wheel python39-cryptography
            base_image: docker.io/redhat/ubi8:latest
            pre_base: '"#"'
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
        with:
          path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install ansible-builder and ansible-navigator
        run: pip install ansible-builder ansible-navigator

      - name: Verify requirements
        run: ansible-builder introspect --sanitize .

      - name: Make sure galaxy.yml has version entry
        run: >-
          python -c
          'import yaml ;
          f = open("galaxy.yml", "rb") ;
          data = yaml.safe_load(f) ;
          f.close() ;
          data["version"] = data.get("version") or "0.0.1" ;
          f = open("galaxy.yml", "wb") ;
          f.write(yaml.dump(data).encode("utf-8")) ;
          f.close() ;
          '
        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}

      - name: Build collection
        run: |
          ansible-galaxy collection build --output-path ../../../
        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}

      - name: Create files for building execution environment
        run: |
          COLLECTION_FILENAME="$(ls "${{ env.NAMESPACE }}-${{ env.COLLECTION_NAME }}"-*.tar.gz)"

          # EE config
          cat > execution-environment.yml <<EOF
          ---
          version: 3
          dependencies:
            ansible_core:
              package_pip: ${{ matrix.ansible_core }}
            ansible_runner:
              package_pip: ${{ matrix.ansible_runner }}
            galaxy: requirements.yml
          ${{ matrix.other_deps }}

          images:
            base_image:
              name: ${{ matrix.base_image }}

          additional_build_files:
            - src: ${COLLECTION_FILENAME}
              dest: src

          additional_build_steps:
            prepend_base:
              - ${{ matrix.pre_base }}
          EOF
          echo "::group::execution-environment.yml"
          cat execution-environment.yml
          echo "::endgroup::"

          # Requirements
          cat > requirements.yml <<EOF
          ---
          collections:
            - name: src/${COLLECTION_FILENAME}
              type: file
          EOF
          echo "::group::requirements.yml"
          cat requirements.yml
          echo "::endgroup::"

      - name: Build image based on ${{ matrix.base_image }}
        run: |
          ansible-builder build --verbosity 3 --tag test-ee:latest --container-runtime docker

      - name: Show images
        run: docker image ls

      - name: Make /var/run/docker.sock accessible by everyone
        run: sudo chmod a+rw /var/run/docker.sock

      - name: Run basic tests
        run: >
          ansible-navigator run
          --mode stdout
          --container-engine docker
          --container-options=-v --container-options=/var/run/docker.sock:/var/run/docker.sock
          --pull-policy never
          --set-environment-variable ANSIBLE_PRIVATE_ROLE_VARS=true
          --execution-environment-image test-ee:latest
          -v
          all.yml
          ${{ matrix.extra_vars }}
        working-directory: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }}/tests/ee