name: Release Kata Containers
on:
  workflow_call:
    inputs:
      release-type:
        required: true
        type: string

env:
  RELEASE_TYPE: ${{ inputs.release-type }}

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Get the new release version
        run: |
          release_version=$(./tools/packaging/release/release.sh next-release-version)
          echo "RELEASE_VERSION=$release_version" >> "$GITHUB_ENV"

      - name: Update VERSION file
        run: |
          ./tools/packaging/release/release.sh update-version-file

      - name: Create a new release
        run: |
          ./tools/packaging/release/release.sh create-new-release
        env:
          GH_TOKEN: ${{ github.token }}

  build-and-push-assets-amd64:
    needs: release
    uses: ./.github/workflows/release-amd64.yaml
    with:
      target-arch: amd64
    secrets: inherit

  build-and-push-assets-arm64:
    needs: release
    uses: ./.github/workflows/release-arm64.yaml
    with:
      target-arch: arm64
    secrets: inherit

  build-and-push-assets-s390x:
    needs: release
    uses: ./.github/workflows/release-s390x.yaml
    with:
      target-arch: s390x
    secrets: inherit

  build-and-push-assets-ppc64le:
    needs: release
    uses: ./.github/workflows/release-ppc64le.yaml
    with:
      target-arch: ppc64le
    secrets: inherit

  publish-multi-arch-images:
    runs-on: ubuntu-latest
    needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Login to Kata Containers docker.io
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Login to Kata Containers quay.io
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_DEPLOYER_USERNAME }}
          password: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

      - name: Get the image tags
        run: |
          release_version=$(./tools/packaging/release/release.sh next-release-version)
          echo "KATA_DEPLOY_IMAGE_TAGS=$release_version latest" >> "$GITHUB_ENV"

      - name: Push multi-arch manifest
        run: |
          ./tools/packaging/release/release.sh publish-multiarch-manifest
        env:
          KATA_DEPLOY_REGISTRIES: "quay.io/kata-containers/kata-deploy docker.io/katadocker/kata-deploy"

  upload-multi-arch-static-tarball:
    needs: [build-and-push-assets-amd64, build-and-push-assets-arm64, build-and-push-assets-s390x, build-and-push-assets-ppc64le]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set KATA_STATIC_TARBALL env var
        run: |
          tarball=$(pwd)/kata-static.tar.xz
          echo "KATA_STATIC_TARBALL=${tarball}" >> "$GITHUB_ENV"

      - name: download-artifacts-amd64
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-amd64
      - name: push amd64 static tarball to github
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: amd64

      - name: download-artifacts-arm64
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-arm64
      - name: push arm64 static tarball to github
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: arm64

      - name: download-artifacts-s390x
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-s390x
      - name: push s390x static tarball to github
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: s390x

      - name: download-artifacts-ppc64le
        uses: actions/download-artifact@v3
        with:
          name: kata-static-tarball-ppc64le
      - name: push ppc64le static tarball to github
        run: |
          ./tools/packaging/release/release.sh upload-kata-static-tarball
        env:
          GH_TOKEN: ${{ github.token }}
          ARCHITECTURE: ppc64le

  upload-versions-yaml:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: upload versions.yaml
        run: |
          ./tools/packaging/release/release.sh upload-versions-yaml-file
        env:
          GH_TOKEN: ${{ github.token }}

  upload-cargo-vendored-tarball:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: generate-and-upload-tarball
        run: |
          ./tools/packaging/release/release.sh upload-vendored-code-tarball
        env:
          GH_TOKEN: ${{ github.token }}

  upload-libseccomp-tarball:
    needs: release
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: download-and-upload-tarball
        run: |
          ./tools/packaging/release/release.sh upload-libseccomp-tarball
        env:
          GH_TOKEN: ${{ github.token }}