name: nightly
on:
  workflow_dispatch:
  schedule:
  - cron: "0 10 * * *"
permissions:
  contents: read
jobs:
  server:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        arch:
        - x86_64
        - aarch64
    env:
      TARGET_ARCH: "${{ matrix.arch }}"
    name: nightly server ${{ matrix.arch }}
    steps:
    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
      with:
        egress-policy: audit
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        submodules: recursive
    - uses: moonrepo/setup-rust@d8048d4fdff0633123678b093726e6d7c8ad6de5 # v1
      with:
        targets: "${{ matrix.arch }}-unknown-linux-gnu,${{ matrix.arch }}-unknown-linux-musl"
    - run: ./hack/ci/install-linux-deps.sh
    - run: ./hack/dist/bundle.sh
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: krata-bundle-systemd-${{ matrix.arch }}
        path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz"
        compression-level: 0
    - run: ./hack/dist/deb.sh
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: krata-debian-${{ matrix.arch }}
        path: "target/dist/*.deb"
        compression-level: 0
    - run: ./hack/dist/apk.sh
      env:
        KRATA_KERNEL_BUILD_SKIP: "1"
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: krata-alpine-${{ matrix.arch }}
        path: "target/dist/*_${{ matrix.arch }}.apk"
        compression-level: 0
    - run: ./hack/os/build.sh
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: krata-os-${{ matrix.arch }}
        path: "target/os/krata-${{ matrix.arch }}.qcow2"
        compression-level: 0
  client:
    strategy:
      fail-fast: false
      matrix:
        platform:
        - { os: linux, arch: x86_64, on: ubuntu-latest, deps: linux }
        - { os: linux, arch: aarch64, on: ubuntu-latest, deps: linux }
        - { os: darwin, arch: x86_64, on: macos-14, deps: darwin }
        - { os: darwin, arch: aarch64, on: macos-14, deps: darwin }
        - { os: freebsd, arch: x86_64, on: ubuntu-latest, deps: linux }
        - { os: windows, arch: x86_64, on: windows-latest, deps: windows }
    env:
      TARGET_OS: "${{ matrix.platform.os }}"
      TARGET_ARCH: "${{ matrix.platform.arch }}"
    runs-on: "${{ matrix.platform.on }}"
    name: nightly client ${{ matrix.platform.os }}-${{ matrix.platform.arch }}
    defaults:
      run:
        shell: bash
    steps:
    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
      with:
        egress-policy: audit
    - run: git config --global core.autocrlf false && git config --global core.eol lf
      if: ${{ matrix.platform.os == 'windows' }}
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        submodules: recursive
    - uses: moonrepo/setup-rust@d8048d4fdff0633123678b093726e6d7c8ad6de5 # v1
      if: ${{ matrix.platform.os != 'darwin' }}
    - uses: moonrepo/setup-rust@d8048d4fdff0633123678b093726e6d7c8ad6de5 # v1
      with:
        targets: "${{ matrix.platform.arch }}-apple-darwin"
      if: ${{ matrix.platform.os == 'darwin' }}
    - uses: homebrew/actions/setup-homebrew@4b34604e75af8f8b23b454f0b5ffb7c5d8ce0056 # master
      if: ${{ matrix.platform.os == 'darwin' }}
    - run: ./hack/ci/install-${{ matrix.platform.deps }}-deps.sh
    - run: ./hack/build/cargo.sh build --release --bin kratactl
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
        path: "target/*/release/kratactl"
      if: ${{ matrix.platform.os != 'windows' }}
    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
      with:
        name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
        path: "target/*/release/kratactl.exe"
      if: ${{ matrix.platform.os == 'windows' }}
  oci:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        component:
        - kratactl
        - kratad
        - kratanet
        - krata-guest-init
    name: "oci build ${{ matrix.component }}"
    permissions:
      packages: write
    steps:
    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
      with:
        egress-policy: audit
    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      with:
        submodules: recursive
    - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
    - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
    - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
      with:
        registry: ghcr.io
        username: "${{ github.actor }}"
        password: "${{ secrets.GITHUB_TOKEN }}"
    - uses: docker/build-push-action@a254f8ca60a858f3136a2f1f23a60969f2c402dd # v6.4.0
      id: push
      with:
        file: ./images/Dockerfile.${{ matrix.component }}
        platforms: linux/amd64,linux/aarch64
        tags: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
        push: true
    - env:
        DIGEST: "${{ steps.push.outputs.digest }}"
        TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:nightly"
        COSIGN_EXPERIMENTAL: "true"
      run: cosign sign --yes "${TAGS}@${DIGEST}"