name: "Build and Publish GoReleaser"

on:
  pull_request:
  # The default types are opened, synchronize, and reopened

  # See https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request
  # We add a label trigger too, since when the build-publish label is added to a PR, we want to build and publish
    types:
      - opened
      - synchronize
      - reopened
      - labeled
  push:
    branches:
      - develop
  workflow_dispatch:
    inputs:
      git_ref:
        description: "The git ref to check out"
        required: true
      build-publish:
        description: "Whether to build and publish - defaults to just build"
        required: false
        default: "false"

env:
  GIT_REF: ${{ github.event.inputs.git_ref || github.ref }}

jobs:
  merge:
    runs-on: ubuntu-latest
    needs: [split, image-tag]
    if: ${{ needs.image-tag.outputs.release-type == 'nightly' }}
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ env.GIT_REF }}

      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
          mask-aws-account-id: true
          role-session-name: "merge"

      - uses: actions/cache/restore@v4
        with:
          path: dist/linux_amd64_v1
          key: chainlink-amd64-${{ github.sha }}
          fail-on-cache-miss: true

      - uses: actions/cache/restore@v4
        with:
          path: dist/linux_arm64
          key: chainlink-arm64-${{ github.sha }}
          fail-on-cache-miss: true

      - name: Merge images for both architectures
        uses: ./.github/actions/goreleaser-build-sign-publish
        with:
          docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
          docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
          goreleaser-release-type: "merge"
          goreleaser-config: .goreleaser.develop.yaml
          goreleaser-key: ${{ secrets.GORELEASER_KEY }}

  split:
    name: "split-${{ matrix.goarch }}"
    needs: image-tag
    runs-on: ${{ matrix.runner }}
    permissions:
      id-token: write
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - runner: ubuntu-latest
            goarch: amd64
            dist_name: linux_amd64_v1

          - runner: ubuntu-24.04-4cores-16GB-ARM
            goarch: arm64
            dist_name: linux_arm64
    steps:
      - name: Checkout repository
        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
        with:
          ref: ${{ env.GIT_REF }}
          fetch-depth: 0

      - name: Configure aws credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_IAM_ROLE_PUBLISH_PR_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
          mask-aws-account-id: true
          role-session-name: "split-${{ matrix.goarch }}"

      - id: cache
        uses: actions/cache@v4
        with:
          path: dist/${{ matrix.dist_name }}
          key: chainlink-${{ matrix.goarch }}-${{ github.sha }}

      - name: Build images for ${{ matrix.goarch }}
        uses: ./.github/actions/goreleaser-build-sign-publish
        if: steps.cache.outputs.cache-hit != 'true'
        with:
          docker-registry: ${{ secrets.AWS_SDLC_ECR_HOSTNAME }}
          docker-image-tag: ${{ needs.image-tag.outputs.image-tag }}
          goreleaser-release-type: ${{ needs.image-tag.outputs.release-type }}
          goreleaser-config: .goreleaser.develop.yaml
          goreleaser-key: ${{ secrets.GORELEASER_KEY }}

      - name: Collect Metrics
        if: always()
        id: collect-gha-metrics
        uses: smartcontractkit/push-gha-metrics-action@d9da21a2747016b3e13de58c7d4115a3d5c97935 # v3.0.1
        with:
          id: goreleaser-build-publish
          org-id: ${{ secrets.GRAFANA_INTERNAL_TENANT_ID }}
          basic-auth: ${{ secrets.GRAFANA_INTERNAL_BASIC_AUTH }}
          hostname: ${{ secrets.GRAFANA_INTERNAL_HOST }}
          this-job-name: "split-${{ matrix.goarch }}"
        continue-on-error: true

  image-tag:
    runs-on: ubuntu-latest
    outputs:
      image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
      release-type: ${{ steps.get-image-tag.outputs.release-type }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          ref: ${{ env.GIT_REF }}

      - name: Get image tag
        id: get-image-tag
        run: |
          short_sha=$(git rev-parse --short HEAD)
          echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
          if [[ ${{ github.event_name }} == 'push' ]]; then
            echo "image-tag=develop" | tee -a $GITHUB_OUTPUT
            echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
          elif [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
            echo "image-tag=${short_sha}" | tee -a $GITHUB_OUTPUT
              if [[ "${{ inputs.build-publish }}" == 'false' ]]; then
                echo "release-type=snapshot" | tee -a $GITHUB_OUTPUT
              else
                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
            fi
          else
            if [[ ${{ github.event_name }} == "pull_request" ]]; then
              echo "image-tag=pr-${{ github.event.number }}-${short_sha}" | tee -a $GITHUB_OUTPUT
              if [[ ${{ contains(github.event.pull_request.labels.*.name, 'build-publish') }} == "true" ]]; then
                echo "release-type=nightly" | tee -a $GITHUB_OUTPUT
              fi
            fi
          fi