.github/workflows/presubmit-build.yaml

on:
  pull_request:
jobs:
  presubmit-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.generate-matrix.outputs.matrix }}
    steps:
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
      - id: generate-matrix
        run: |
          set -x
          # TODO: set ONLY env var based on changed files
          matrix="$(ONLY="${{ inputs.only }}" ./hack/matrix.sh)"
          echo "matrix=${matrix}" >> $GITHUB_OUTPUT

  presubmit-build:
    runs-on: ubuntu-latest
    needs: presubmit-matrix
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.presubmit-matrix.outputs.matrix) }}
    permissions:
      id-token: write
      packages: write
      contents: read
    steps:

      # Setup required tooling etc.
      - name: Setup QEMU
        if: ${{ matrix.melangeConfig != '' }}
        uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0
      - uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.3.*'
          terraform_wrapper: false

      # Checkout this repo's source code
      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2

      # Build custom package using melange (if specified)
      - id: melange
        if: ${{ matrix.melangeConfig != '' }}
        uses: chainguard-dev/actions/melange-build@main
        with:
          multi-config: ${{ matrix.melangeConfig }}
          empty-workspace: false
          workdir: images/${{ matrix.imageName }}
          sign-with-temporary-key: true
          archs: x86_64,aarch64

      # Setup local registry
      - uses: chainguard-dev/actions/setup-registry@main
        with:
          port: 5000

      # Build and push image using terraform-provider-apko
      - name: Build image with apko/terraform
        env:
          TF_VAR_target_repository: localhost:5000/${{ matrix.imageName }}
        run: |
          set -x
          cd images/${{ matrix.imageName }}/
          terraform init
          terraform apply -auto-approve

  presubmit-roundup:
    needs:
      - presubmit-build
    runs-on: ubuntu-latest
    if: always()
    steps:
      - uses: technote-space/workflow-conclusion-action@45ce8e0eb155657ab8ccf346ade734257fd196a5 # v3.0.3

      - if: ${{ env.WORKFLOW_CONCLUSION == 'success' }}
        working-directory: /tmp
        run: echo ${{ env.WORKFLOW_CONCLUSION }} && exit 0

      - if: ${{ env.WORKFLOW_CONCLUSION == 'failure' }}
        working-directory: /tmp
        run: echo ${{ env.WORKFLOW_CONCLUSION }} && exit 1