falco/.github/workflows/master.yaml

name: Dev Packages and Docker images
on:
  push:
    branches: [master]

permissions:
  contents: read

# Checks if any concurrent jobs is running for master CI and eventually cancel it
concurrency:
  group: ci-master
  cancel-in-progress: true

jobs:
  fetch-version:
    uses: ./.github/workflows/reusable_fetch_version.yaml 

  build-dev-packages:
    needs: [fetch-version]
    uses: ./.github/workflows/reusable_build_packages.yaml
    with:
      arch: x86_64
      version: ${{ needs.fetch-version.outputs.version }}
    secrets: inherit
  
  build-dev-packages-arm64:
    needs: [fetch-version]
    uses: ./.github/workflows/reusable_build_packages.yaml
    with:
      arch: aarch64
      version: ${{ needs.fetch-version.outputs.version }}
    secrets: inherit

  test-dev-packages:
    needs: [fetch-version, build-dev-packages]
    uses: ./.github/workflows/reusable_test_packages.yaml
    # See https://github.com/falcosecurity/falco/pull/3482
    # Since musl build does not support dynamically loaded plugins,
    # many tests would fail (the ones using `container.foo` fields).
    # Disable tests on static builds for now.
#    strategy:
#      fail-fast: false
#      matrix:
#        static: ["static", ""]
    with:
      arch: x86_64
#      static: ${{ matrix.static != '' && true || false }}
      version: ${{ needs.fetch-version.outputs.version }}
  
  test-dev-packages-arm64:
    needs: [fetch-version, build-dev-packages-arm64]
    uses: ./.github/workflows/reusable_test_packages.yaml
    with:
      arch: aarch64
      version: ${{ needs.fetch-version.outputs.version }}

  publish-dev-packages:
    needs: [fetch-version, test-dev-packages, test-dev-packages-arm64]
    permissions:
      id-token: write
      contents: read
    uses: ./.github/workflows/reusable_publish_packages.yaml
    with:
      bucket_suffix: '-dev'
      version: ${{ needs.fetch-version.outputs.version }}
    secrets: inherit
  
  build-dev-docker:
    needs: [fetch-version, publish-dev-packages]
    uses: ./.github/workflows/reusable_build_docker.yaml
    with:
      arch: x86_64
      bucket_suffix: '-dev'
      version: ${{ needs.fetch-version.outputs.version }}
      tag: master
    secrets: inherit
    
  build-dev-docker-arm64:
    needs: [fetch-version, publish-dev-packages]
    uses: ./.github/workflows/reusable_build_docker.yaml
    with:
      arch: aarch64
      bucket_suffix: '-dev'
      version: ${{ needs.fetch-version.outputs.version }}
      tag: master
    secrets: inherit
    
  publish-dev-docker:
    needs: [fetch-version, build-dev-docker, build-dev-docker-arm64]
    permissions:
      attestations: write
      id-token: write
      contents: read
    uses: ./.github/workflows/reusable_publish_docker.yaml
    with:
      tag: master
    secrets: inherit