name: Integration tests for the release process

on:
  push:
    paths:
      - go.mod
      - Dockerfile
      - .forgejo/workflows/build-release.yml
      - .forgejo/workflows/build-release-integration.yml
    branches-ignore:
      - renovate/** # they are build via PR
  pull_request:
    paths:
      - go.mod
      - Dockerfile
      - .forgejo/workflows/build-release.yml
      - .forgejo/workflows/build-release-integration.yml

jobs:
  release-simulation:
    runs-on: lxc-bookworm
    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release'
    steps:
      - uses: actions/checkout@v4

      - id: forgejo
        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.4
        with:
          user: root
          password: admin1234
          image-version: 1.20
          lxc-ip-prefix: 10.0.9

      - name: publish
        run: |
          set -x

          version=1.2.3
          cat > /etc/docker/daemon.json <<EOF
            {
              "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
            }
          EOF
          systemctl restart docker

          dir=$(mktemp -d)
          trap "rm -fr $dir" EXIT

          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"

          #
          # Create a new project with the runner and the release workflow only
          #
          rsync -a --exclude .git ./ $dir/
          rm $(find $dir/.forgejo/workflows/*.yml | grep -v build-release.yml)
          forgejo-test-helper.sh push $dir $url root runner
          sha=$(forgejo-test-helper.sh branch_tip $url root/runner main)

          #
          # Push a tag to trigger the release workflow and wait for it to complete
          #
          forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/runner/tags
          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha

          #
          # uncomment to see the logs even when everything is reported to be working ok
          #
          #cat $FORGEJO_RUNNER_LOGS

          #
          # Minimal sanity checks. e2e test is for the setup-forgejo action
          #
          for arch in amd64 arm64 ; do
            binary=forgejo-runner-$version-linux-$arch
            for suffix in '' '.xz' ; do
              curl --fail -L -sS $url/root/runner/releases/download/v$version/$binary$suffix > $binary$suffix
              if test "$suffix" = .xz ; then
                 unxz --keep $binary$suffix
              fi
              chmod +x $binary
              ./$binary --version | grep $version
              curl --fail -L -sS $url/root/runner/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
              shasum -a 256 --check $binary$suffix.sha256
              rm $binary$suffix
            done
          done

          docker pull ${{ steps.forgejo.outputs.host-port }}/root/runner:$version

          docker inspect ${{ steps.forgejo.outputs.host-port}}/root/runner:$version > labels.json
          python3 .forgejo/labelscompare.py