.github/workflows/_reusable_build_package.yml

name: '_reusable_build_package'

on:
  workflow_call:
    inputs:
      otc_build_number:
        required: true
        type: string
      cmake_target:
        required: true
        type: string
      workflow_id:
        required: true
        type: string
      runs_on:
        required: true
        type: string
      goarch:
        required: false
        type: string
      package_arch:
        required: false
        type: string
      build_tool:
        required: true
        type: string
      fips:
        required: false
        type: boolean
        default: false
    secrets:
      gh_artifacts_token:
        required: true
      apple_developer_certificate_p12_base64:
        required: false
      apple_developer_certificate_password:
        required: false
      productbuild_identity_name:
        required: false
      microsoft_certificate:
        required: false
      microsoft_certificate_password:
        required: false
      microsoft_certhash:
        required: false
      microsoft_certname:
        required: false
      microsoft_description:
        required: false
      gh_ci_token:
        required: true
      packagecloud_token:
        required: true
      aws_access_key_id:
        required: true
      aws_secret_access_key:
        required: true
    outputs:
      otc_version:
        description: "The version of the package"
        value: ${{ jobs.build_package.outputs.otc_version }}
      otc_build_number:
        description: "The build number of the package"
        value: ${{ jobs.build_package.outputs.otc_build_number }}

defaults:
  run:
    shell: bash

jobs:
  build_package:
    runs-on: ${{ inputs.runs_on }}
    name: Build (CMake)
    if: inputs.build_tool == 'cmake'
    outputs:
      otc_version: ${{ steps.get-otc-version.outputs.otc_version }}
      otc_build_number: ${{ steps.get-build-number.outputs.otc_build_number }}
      package_path: ${{ steps.package.outputs.path }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Workflow URL for sumologic-otel-collector
        run: |
          org="SumoLogic"
          repo="sumologic-otel-collector"
          workflow_id="${{ inputs.workflow_id }}"
          echo "https://github.com/${org}/${repo}/actions/runs/${workflow_id}"

      # Only output build number on one target so that it can be read by other
      # jobs
      - name: Output Build Number
        if: inputs.cmake_target == 'otc_linux_amd64_deb'
        id: get-build-number
        run: |
          build_number=${{ inputs.otc_build_number }}
          echo "otc_build_number=${build_number}" >> $GITHUB_OUTPUT

      - name: Determine if MacOS package should be signed
        if: runner.os == 'macOS'
        env:
          PRODUCTBUILD_IDENTITY_NAME: ${{ secrets.productbuild_identity_name }}
          GH_CI_TOKEN: ${{ secrets.GH_CI_TOKEN }}
        run: |
          if [ -n "${PRODUCTBUILD_IDENTITY_NAME}" ]; then
              echo "MACOS_SIGNING_ENABLED=true" >> $GITHUB_ENV
          fi

      - name: Make build directory
        if: runner.os != 'Linux'
        run: mkdir build

      # TODO: Go back to using Apple-Actions/import-codesign-certs once https://github.com/Apple-Actions/import-codesign-certs/pull/58 is merged
      - name: Import macOS Code-Signing Certificates
        if: ${{ runner.os == 'macOS' && env.MACOS_SIGNING_ENABLED == 'true' }}
        run: |
          export p12_filepath=$(mktemp)
          echo '${{ secrets.apple_developer_certificate_p12_base64 }}' | base64 --decode >${p12_filepath}
          /usr/bin/security create-keychain -p ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
          /usr/bin/security set-keychain-settings -lut 21600 signing_temp.keychain
          /usr/bin/security unlock-keychain -p ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
          /usr/bin/security import ${p12_filepath} -k signing_temp.keychain -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P ${{ secrets.apple_developer_certificate_password }}
          /usr/bin/security set-key-partition-list -S apple-tool:,apple: -k ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
          /usr/bin/security list-keychains -d user -s signing_temp.keychain login.keychain

      - name: Fetch version artifact
        if: runner.os == 'Linux'
        uses: ./ci/github-actions/cmake
        with:
          args: -P version_artifact.cmake
          gh_token: ${{ secrets.gh_artifacts_token }}
          workflow_id: ${{ inputs.workflow_id }}
          work_dir: .

      - name: Fetch version artifact
        if: runner.os != 'Linux'
        env:
          GH_TOKEN: ${{ secrets.gh_artifacts_token }}
          GH_WORKFLOW_ID: ${{ inputs.workflow_id }}
        run: cmake -P version_artifact.cmake

      - name: Output OTC Version
        id: get-otc-version
        if: inputs.cmake_target == 'otc_linux_amd64_deb'
        working-directory: build/version_detection
        run: >
          version=$(./otelcol-sumo --version |
          sed -E -n 's/.* ([0-9]+\.[0-9]+\.[0-9]+)\-sumo.*/\1/p') &&
          echo otc_version="${version}" >> $GITHUB_OUTPUT &&
          if [[ "$version" == "" ]]; then exit 1; fi

      - name: Build Makefile
        id: cmake-linux
        if: runner.os == 'Linux'
        uses: ./ci/github-actions/cmake
        with:
          gh_token: ${{ secrets.gh_artifacts_token }}
          otc_build_number: ${{ inputs.otc_build_number }}
          target: ${{ inputs.cmake_target }}
          workflow_id: ${{ inputs.workflow_id }}

      - name: Build Makefile
        id: cmake-other
        if: runner.os != 'Linux'
        env:
          GH_TOKEN: ${{ secrets.gh_artifacts_token }}
          GH_WORKFLOW_ID: ${{ inputs.workflow_id }}
          OTC_BUILD_NUMBER: ${{ inputs.otc_build_number }}
          PRODUCTBUILD_IDENTITY_NAME: ${{ secrets.productbuild_identity_name }}
          TARGET: ${{ inputs.cmake_target }}
        working-directory: build
        run: cmake ../

      - name: Set simple package outputs
        id: package
        env:
          PACKAGE_NAME: >-
            ${{
            steps.cmake-linux.outputs.package_name ||
            steps.cmake-other.outputs.package_name
            }}
        run: >
          echo path="$PACKAGE_NAME" >> $GITHUB_OUTPUT

      - name: Build package
        if: runner.os == 'Linux'
        uses: ./ci/github-actions/make
        with:
          gh_token: ${{ secrets.gh_artifacts_token }}
          target: package

      - name: Build package
        if: runner.os != 'Linux'
        env:
          GH_TOKEN: ${{ secrets.gh_artifacts_token }}
        working-directory: build
        run: make package

      - name: Store package as action artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.package.outputs.path }}
          path: ./build/${{ steps.package.outputs.path }}
          if-no-files-found: error

      - name: Publish packages
        if: runner.os == 'Linux'
        uses: ./ci/github-actions/make
        with:
          target: publish-package
          packagecloud_token: ${{ secrets.PACKAGECLOUD_TOKEN }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Publish packages
        if: runner.os != 'Linux'
        working-directory: build
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
        run: make publish-package

      - name: Wait for Packagecloud packages to be indexed
        if: runner.os == 'Linux'
        uses: ./ci/github-actions/make
        with:
          target: wait-for-packagecloud-indexing
          packagecloud_token: ${{ secrets.PACKAGECLOUD_TOKEN }}

  test_package:
    runs-on: ${{ inputs.runs_on }}
    name: Test (CMake)
    if: inputs.build_tool == 'cmake'
    needs: build_package
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Download macOS package
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.build_package.outputs.package_path }}
          path: artifacts/

      - name: Verify installer
        if: inputs.cmake_target == 'otc_darwin_amd64_productbuild'
        run: sudo ./ci/verify_installer.sh "artifacts/${{ needs.build_package.outputs.package_path }}"

  build_wix_package:
    runs-on: ${{ inputs.runs_on }}
    name: Build (WiX) ${{ inputs.fips && 'FIPS' || '' }}
    if: inputs.build_tool == 'wix'
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Workflow URL for sumologic-otel-collector
        run: |
          org="SumoLogic"
          repo="sumologic-otel-collector"
          workflow_id="${{ inputs.workflow_id }}"
          echo "https://github.com/${org}/${repo}/actions/runs/${workflow_id}"

      - name: Make build directory
        run: mkdir build

      - name: Add msbuild to PATH
        uses: microsoft/setup-msbuild@v2

      - name: Fetch version artifact
        env:
          GH_TOKEN: ${{ secrets.gh_artifacts_token }}
          GH_WORKFLOW_ID: ${{ inputs.workflow_id }}
        shell: cmd
        run: cmake -P version_artifact.cmake

      - name: Determine version from binary
        id: get-version
        working-directory: ./build/version_detection
        run: >
          version=$(./otelcol-sumo.exe --version |
          sed -E -n 's/.* ([0-9]+\.[0-9]+\.[0-9]+)\-sumo.*/\1/p') &&
          echo product_version="${version}.${{ inputs.otc_build_number }}" >> $GITHUB_OUTPUT &&
          echo version="${version}-${{ inputs.otc_build_number }}" >> $GITHUB_OUTPUT

      - name: Determine artifact names
        run: |
          echo "OTC_WORKFLOW_ARTIFACT_NAME=otelcol-sumo-${{ inputs.fips && 'fips-' || '' }}windows_${{ inputs.goarch }}.exe" >> $GITHUB_ENV
          echo "OTC_BUILD_INPUT_NAME=otelcol-sumo-windows_${{ inputs.goarch }}.exe" >> $GITHUB_ENV

      # Download the artifacts required to build the package target.
      - name: Download otelcol-sumo artifact from workflow
        uses: dawidd6/action-download-artifact@v3.1.4
        with:
          github_token: ${{ secrets.gh_artifacts_token }}
          repo: SumoLogic/sumologic-otel-collector
          run_id: ${{ inputs.workflow_id }}
          workflow_conclusion: success
          name: ${{ env.OTC_WORKFLOW_ARTIFACT_NAME }}
          path: ./build/artifacts
          if_no_artifact_found: fail

      - name: Rename GitHub Workflow artifact
        working-directory: ./build/artifacts
        env:
          MV_FROM: ${{ env.OTC_WORKFLOW_ARTIFACT_NAME }}
          MV_TO: ${{ env.OTC_BUILD_INPUT_NAME }}
        run: mv -n "$MV_FROM" "$MV_TO"

      - name: Build MSI
        id: build
        working-directory: ./msi/wix
        env:
          PLATFORM: ${{ inputs.package_arch }}
          PRODUCT_VERSION: ${{ steps.get-version.outputs.product_version }}
        run: |
          msbuild.exe -p:Configuration=Release \
            -p:Platform=$PLATFORM \
            -p:ProductVersion=$PRODUCT_VERSION \
            -p:FIPSEnabled=${{ inputs.fips }} \
            -Restore
          PACKAGE_PATH=./msi/wix/$(find bin/${{ inputs.package_arch }}/en-US -name "*.msi")
          echo "package_path=${PACKAGE_PATH}" >> $GITHUB_OUTPUT
          echo "package_filename=$(basename ${PACKAGE_PATH})" >> $GITHUB_OUTPUT

      - name: Sign MSI
        uses: skymatic/code-sign-action@v3
        with:
          certificate: ${{ secrets.microsoft_certificate }}
          password: ${{ secrets.microsoft_certificate_password }}
          certificatesha1: ${{ secrets.microsoft_certhash }}
          description: ${{ secrets.microsoft_description }}
          folder: ./msi/wix/bin/${{ inputs.package_arch }}/en-US

      - name: Store MSI as action artifact
        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.build.outputs.package_filename }}
          path: ${{ steps.build.outputs.package_path }}
          if-no-files-found: error

      - name: Publish packages
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: us-west-2
          VERSION: ${{ steps.get-version.outputs.version }}
          PKG_PATH: ${{ steps.build.outputs.package_path }}
          PKG_NAME: ${{ steps.build.outputs.package_filename }}
          S3_BUCKET: sumologic-osc-ci-builds
        run: |
          aws.exe s3 cp $PKG_PATH \
          s3://${S3_BUCKET}/${VERSION}/${PKG_NAME}

  test_wixext:
    name: Test (SumoLogic.wixext)
    if: inputs.build_tool == 'wix'
    runs-on: windows-2019
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Add msbuild to PATH
        uses: microsoft/setup-msbuild@v2

      - name: Restore NuGet packages
        working-directory: ./msi/SumoLogic.wixext/SumoLogicTests
        run: nuget.exe restore -PackagesDirectory ../packages

      - name: Build unit tests
        working-directory: ./msi/SumoLogic.wixext/SumoLogicTests
        run: msbuild.exe -p:Configuration=Release -p:Platform=AnyCPU -Restore

      - name: Run unit tests
        working-directory: ./msi/SumoLogic.wixext/SumoLogicTests/bin/Release
        run: dotnet test -v:n ./SumoLogicTests.dll