# Home Assistant Operating System release build workflow

name: Release build

on:
  release:
    types: [published]

jobs:
  validate_release:
    name: Validate release
    runs-on: [ "ubuntu-20.04" ]
    outputs:
      version: ${{ steps.version_check.outputs.version }}
      version_dev: ${{ steps.version_check.outputs.version_dev }}
      matrix: ${{ steps.generate_matrix.outputs.result }}
    steps:
      - uses: actions/checkout@v3
      - name: Validate version
        id: version_check
        run: |
          major=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_MAJOR | cut -d'=' -f2)
          build=$(cat ${GITHUB_WORKSPACE}/buildroot-external/meta | grep VERSION_BUILD | cut -d'=' -f2)
          tag_major=$(echo "${{ github.event.release.tag_name }}" | cut -d '.' -f 1)
          tag_build=$(echo "${{ github.event.release.tag_name }}" | cut -d '.' -f 2)
          tag_dev=$(echo "${{ github.event.release.tag_name }}" | cut -d '.' -f 3)
          if [ "${major}.${build}" != "${tag_major}.${tag_build}" ]; then
            echo "Version number in Buildroot metadata is does not match tag (${major}.${build} vs ${{ github.event.release.tag_name }})."
            exit 1
          fi
          if [ "" != "${tag_dev}" ]; then
            echo "Note: Release build with custom dev part: ${tag_dev}."
            echo "::set-output name=version::${major}.${build}.${tag_dev}"
          else
            echo "::set-output name=version::${major}.${build}"
          fi
          echo "::set-output name=version_dev::${tag_dev}"
      - name: Create build matrix
        uses: actions/github-script@v6
        id: generate_matrix
        with:
          script: |
            const boards = require('./.github/workflows/matrix.json')
            return { "board": boards }

  build:
    permissions:
      contents: write  # for actions/upload-release-asset to upload release asset
    name: Release build for ${{ matrix.board.id }}
    needs: validate_release
    strategy:
      matrix: ${{ fromJson(needs.validate_release.outputs.matrix) }}
    runs-on: ${{ matrix.board.runner }}

    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
        with:
          submodules: true

      - name: Build container
        run: docker build -t haos-builder .

      - name: 'Add release PKI certs'
        env:
          RAUC_CERTIFICATE: ${{ secrets.RAUC_CERTIFICATE }}
          RAUC_PRIVATE_KEY: ${{ secrets.RAUC_PRIVATE_KEY }}
        run: |
          echo -e "-----BEGIN CERTIFICATE-----\n${RAUC_CERTIFICATE}\n-----END CERTIFICATE-----" > cert.pem
          echo -e "-----BEGIN PRIVATE KEY-----\n${RAUC_PRIVATE_KEY}\n-----END PRIVATE KEY-----" > key.pem

      - name: Build
        run: |
          BUILDER_UID="$(id -u)"
          BUILDER_GID="$(id -g)"
          docker run --rm --privileged -v "${GITHUB_WORKSPACE}:/build" \
            -e BUILDER_UID="${BUILDER_UID}" -e BUILDER_GID="${BUILDER_GID}" \
            -v "${{ matrix.board.runner }}-build-cache:/cache" \
            -v "/build/output" \
            haos-builder make BUILDDIR=/build VERSION_DEV=${{ needs.validate_release.outputs.version_dev }} ${{ matrix.board.defconfig }}

      - name: Upload disk image
        if: ${{ matrix.board.id != 'ova' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.img.xz
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.img.xz
          asset_content_type: application/x-xz

      - name: Upload rauc update
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.raucb
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.raucb
          asset_content_type: application/octet-stream

      - name: Upload ova image
        if: ${{ matrix.board.id == 'ova' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.ova
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.ova
          asset_content_type: application/x-tar

      - name: Upload qcow2 image
        if: ${{ matrix.board.id == 'ova' || matrix.board.id == 'generic-aarch64' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.qcow2.xz
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.qcow2.xz
          asset_content_type: application/x-xz

      - name: Upload vdi image
        if: ${{ matrix.board.id == 'ova' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vdi.zip
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vdi.zip
          asset_content_type: application/zip

      - name: Upload vhdx image
        if: ${{ matrix.board.id == 'ova' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vhdx.zip
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vhdx.zip
          asset_content_type: application/zip

      - name: Upload vmdk image
        if: ${{ matrix.board.id == 'ova' || matrix.board.id == 'generic-aarch64' }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ github.workspace }}/release/haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vmdk.zip
          asset_name: haos_${{ matrix.board.id }}-${{ needs.validate_release.outputs.version }}.vmdk.zip
          asset_content_type: application/zip

  bump_version:
    name: Bump dev version to ${{ needs.validate_release.outputs.version }}
    needs: [ build, validate_release ]
    runs-on: [ "ubuntu-20.04" ]

    steps:
    - name: Initialize git
      uses: home-assistant/actions/helpers/git-init@master
      with:
        name: ${{ secrets.GIT_NAME }}
        email: ${{ secrets.GIT_EMAIL }}
        token: ${{ secrets.GIT_TOKEN }}

    - name: Bump Home Assistant OS beta version
      uses: home-assistant/actions/helpers/version-push@master
      with:
        key: "hassos[]"
        key-description: "Home Assistant OS"
        version: ${{ needs.validate_release.outputs.version }}
        channel: "beta"