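# End-to-end CI for the bootupd container image: builds the image from the
# repository Dockerfile, runs the in-container test scripts, then performs
# `bootc install` to a loopback disk image and to the runner's own root
# filesystem, checking the ESP contents and that grub.cfg is mode 600.
name: CI

# Least privilege for the job token: only `actions: read` is granted; scopes
# that are not listed here are set to `none`.
permissions:
  actions: read

# NOTE(review): every step below runs repository content (Dockerfile, test
# scripts) under sudo and in --privileged containers. Keep this workflow on
# `pull_request` (not `pull_request_target`) and free of secrets, so that
# changes proposed from forks only ever run with a read-only token.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch: {}

# One run per workflow/ref; a newer push cancels the run still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always

jobs:
  c9s-bootc-e2e:
    strategy:
      matrix:
        runner:
          - ubuntu-24.04
          - ubuntu-24.04-arm

    runs-on: [ "${{ matrix.runner }}" ]

    steps:
      # NOTE(review): `[trusted=yes]` switches off APT signature verification
      # for this source, so crun/podman/skopeo are installed as root without
      # an authenticity check beyond TLS to the mirror. Prefer
      # `[signed-by=<path-to-debian-archive-keyring>]` once a keyring that
      # validates Debian testing is available on the runner.
      # The source file stays in place for the rest of the job and no APT pin
      # is configured, so later `apt install` calls also see Debian testing.
      - name: Get a newer podman for heredoc support (from debian testing)
        run: |
          set -eux
          echo 'deb [trusted=yes] https://ftp.debian.org/debian/ testing main' | sudo tee /etc/apt/sources.list.d/testing.list
          sudo apt update
          sudo apt install -y crun/testing podman/testing skopeo/testing

      # NOTE(review): `@v4` is a movable tag; pinning to a full commit SHA
      # (`actions/checkout@<full-commit-sha> # v4`) makes the reference
      # immutable.
      - uses: actions/checkout@v4
        with:
          # The workspace is bind-mounted into --privileged containers below;
          # do not leave the job token in .git/config for them to read.
          persist-credentials: false

      # NOTE(review): the Debian testing source added in the first step is
      # still active here, so this may resolve to the testing package as
      # well - confirm that is intended.
      - name: Install podman
        if: ( matrix.runner == 'ubuntu-24.04-arm' )
        run: |
          sudo apt update -y
          sudo apt install -y podman

      - name: build
        run: sudo podman build -t localhost/bootupd:latest -f Dockerfile .

      - name: bootupctl status in container
        run: |
          set -xeuo pipefail
          sudo podman run --rm -v "$PWD":/run/src -w /run/src --privileged localhost/bootupd:latest tests/tests/bootupctl-status-in-bootc.sh

      # Installs into a 10G sparse image through a loop device. The container
      # is --privileged with the host's /dev, host PID namespace and SELinux
      # labelling disabled.
      - name: bootc install to disk
        run: |
          set -xeuo pipefail
          sudo truncate -s 10G myimage.raw
          sudo podman run --rm --privileged -v .:/target --pid=host --security-opt label=disable \
            -v /var/lib/containers:/var/lib/containers \
            -v /dev:/dev \
            localhost/bootupd:latest bootc install to-disk --skip-fetch-check \
            --disable-selinux --generic-image --via-loopback /target/myimage.raw
          # Verify we installed grub.cfg and shim on the disk
          sudo losetup -P -f myimage.raw
          device=$(losetup -a myimage.raw --output NAME -n)
          # C12A7328-... is the EFI System Partition type GUID
          esp_part=$(sudo sfdisk -l -J "${device}" | jq -r '.partitiontable.partitions[] | select(.type == "C12A7328-F81F-11D2-BA4B-00A0C93EC93B").node')
          sudo mount "${esp_part}" /mnt/
          arch="$(uname --machine)"
          if [[ "${arch}" == "x86_64" ]]; then
            shim="shimx64.efi"
          else
            # Assume aarch64 for now
            shim="shimaa64.efi"
          fi
          sudo ls /mnt/EFI/centos/{grub.cfg,${shim}}
          sudo umount /mnt
          # check /boot/grub2/grub.cfg permission
          root_part=$(sudo sfdisk -l -J "${device}" | jq -r '.partitiontable.partitions[] | select(.name == "root").node')
          sudo mount "${root_part}" /mnt/
          sudo ls /mnt/boot/grub2/grub.cfg
          # Quoted so an empty result fails the comparison cleanly
          [ "$(sudo stat -c "%a" /mnt/boot/grub2/grub.cfg)" == "600" ]
          sudo umount /mnt
          # -d detaches only this device; -D would detach every loop device
          sudo losetup -d "${device}"
          sudo rm -f myimage.raw

      # Destructive by design: the runner's own / is bind-mounted as /target
      # and bootc installs alongside it (--acknowledge-destructive). This is
      # only appropriate on the ephemeral hosted runners selected by the
      # matrix; do not route this job to a persistent self-hosted machine.
      - name: bootc install to filesystem
        run: |
          set -xeuo pipefail
          sudo podman run --rm -ti --privileged -v /:/target --pid=host --security-opt label=disable \
            -v /dev:/dev -v /var/lib/containers:/var/lib/containers \
            localhost/bootupd:latest bootc install to-filesystem --skip-fetch-check \
            --acknowledge-destructive \
            --disable-selinux --replace=alongside /target
          # Verify we injected static configs
          jq -re '.["static-configs"].version' /boot/bootupd-state.json
          # grub.cfg must be readable and writable by its owner only
          [ "$(sudo stat -c "%a" /boot/grub2/grub.cfg)" == "600" ]

      - name: bootupctl generate-update-metadata
        run: |
          set -xeuo pipefail
          sudo podman run --rm -v "$PWD":/run/src -w /run/src --privileged localhost/bootupd:latest tests/tests/move-content-to-usr.sh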