name: CI | Run kubernetes tests on AKS
on:
  workflow_call:
    inputs:
      tarball-suffix:
        required: false
        type: string
      registry:
        required: true
        type: string
      repo:
        required: true
        type: string
      tag:
        required: true
        type: string
      pr-number:
        required: true
        type: string
      commit-hash:
        required: false
        type: string
      target-branch:
        required: false
        type: string
        default: ""

jobs:
  run-k8s-tests:
    strategy:
      fail-fast: false
      matrix:
        host_os:
          - ubuntu
        vmm:
          - clh
          - dragonball
          - qemu
          - qemu-runtime-rs
          - stratovirt
          - cloud-hypervisor
        instance-type:
          - small
          - normal
        include:
          - host_os: cbl-mariner
            vmm: clh
            instance-type: small
            genpolicy-pull-method: oci-distribution
            auto-generate-policy: yes
          - host_os: cbl-mariner
            vmm: clh
            instance-type: small
            genpolicy-pull-method: containerd
            auto-generate-policy: yes
          - host_os: cbl-mariner
            vmm: clh
            instance-type: normal
            auto-generate-policy: yes
    runs-on: ubuntu-22.04
    env:
      DOCKER_REGISTRY: ${{ inputs.registry }}
      DOCKER_REPO: ${{ inputs.repo }}
      DOCKER_TAG: ${{ inputs.tag }}
      GH_PR_NUMBER: ${{ inputs.pr-number }}
      KATA_HOST_OS: ${{ matrix.host_os }}
      KATA_HYPERVISOR: ${{ matrix.vmm }}
      KUBERNETES: "vanilla"
      USING_NFD: "false"
      K8S_TEST_HOST_TYPE: ${{ matrix.instance-type }}
      GENPOLICY_PULL_METHOD: ${{ matrix.genpolicy-pull-method }}
      AUTO_GENERATE_POLICY: ${{ matrix.auto-generate-policy }}
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.commit-hash }}
          fetch-depth: 0

      - name: Rebase atop of the latest target branch
        run: |
          ./tests/git-helper.sh "rebase-atop-of-the-latest-target-branch"
        env:
          TARGET_BRANCH: ${{ inputs.target-branch }}

      - name: get-kata-tarball
        uses: actions/download-artifact@v4
        with:
          name: kata-static-tarball-amd64${{ inputs.tarball-suffix }}
          path: kata-artifacts

      - name: Install kata
        run: bash tests/integration/kubernetes/gha-run.sh install-kata-tools kata-artifacts

      - name: Download Azure CLI
        run: bash tests/integration/kubernetes/gha-run.sh install-azure-cli

      - name: Log into the Azure account
        run: bash tests/integration/kubernetes/gha-run.sh login-azure
        env:
          AZ_APPID: ${{ secrets.AZ_APPID }}
          AZ_PASSWORD: ${{ secrets.AZ_PASSWORD }}
          AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}

      - name: Create AKS cluster
        uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
        with:
          timeout_minutes: 15
          max_attempts: 20
          retry_on: error
          retry_wait_seconds: 10
          command: bash tests/integration/kubernetes/gha-run.sh create-cluster

      - name: Install `bats`
        run: bash tests/integration/kubernetes/gha-run.sh install-bats

      - name: Install `kubectl`
        run: bash tests/integration/kubernetes/gha-run.sh install-kubectl

      - name: Download credentials for the Kubernetes CLI to use them
        run: bash tests/integration/kubernetes/gha-run.sh get-cluster-credentials

      - name: Deploy Kata
        timeout-minutes: 10
        run: bash tests/integration/kubernetes/gha-run.sh deploy-kata-aks

      - name: Run tests
        timeout-minutes: 60
        run: bash tests/integration/kubernetes/gha-run.sh run-tests

      - name: Delete AKS cluster
        if: always()
        run: bash tests/integration/kubernetes/gha-run.sh delete-cluster