.github/workflows/publish-package.yml

name: Publish Zarf Package

on:
  workflow_call:

permissions:
  contents: read
  packages: write
  id-token: write

jobs:
  build-and-publish-package:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.PAT }}
          repository: ${{ github.repository }}
          ref: ${{ github.ref_name }}

      - name: Login to Registry1
        uses: docker/login-action@v3
        with:
          registry: registry1.dso.mil
          username: ${{ secrets.REGISTRY1_USERNAME }}
          password: ${{ secrets.REGISTRY1_PASSWORD }}

      - name: Init zarf cache
        uses: actions/cache@v3
        with:
          path: "~/.zarf-cache"
          key: zarf-cache

      - name: Free GH runner build space
        run: |
          df -h
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /opt/ghc
          sudo rm -rf /opt/hostedtoolcache/CodeQL
          sudo docker image prune --all --force
          df -h

      - name: Install zarf
        uses: supplypike/setup-bin@v3
        with:
          # renovate: zarf-uri datasource=github-tags depName=defenseunicorns/zarf
          uri: 'https://github.com/defenseunicorns/zarf/releases/download/v0.32.2/zarf_v0.32.2_Linux_amd64'
          name: 'zarf'
          # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
          version: 'v0.32.2'

      - name: Build gitlab-runner package
        run: zarf package create --confirm --no-progress

      - name: Run E2E Tests
        uses: ./.github/actions/e2e
        with:
          token: ${{ secrets.PAT }}
          role-to-assume: ${{ secrets.AWS_COMMERCIAL_ROLE_TO_ASSUME }}
          region: ${{ vars.AWS_REGION }}
          github-context: "test / e2e (${{github.event_name}})"
          aws-availability-zone: ${{ vars.AWS_AVAILABILITY_ZONE }}
          registry1-username: ${{ secrets.REGISTRY1_USERNAME }}
          registry1-password: ${{ secrets.REGISTRY1_PASSWORD }}

      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      ####
      # Build and publish packages
      ####
      - name: Build and publish dev-dependency gitlab runner rbac package
        run: cd utils/pkg-deps/rbac && zarf package create --confirm --no-progress --output oci://ghcr.io/defenseunicorns/uds-capability/gitlab-runner/dev-dependency

      - name: Publish gitlab runner package
        run: zarf package publish zarf-package-gitlab-runner-amd64-*.tar.zst oci://ghcr.io/defenseunicorns/uds-capability --no-progress

      - name: Publish gitlab runner skeleton
        run: zarf package publish . oci://ghcr.io/defenseunicorns/uds-capability