---
name: runc

on:
  push:
    branches:
      - master

env:
  UPSTREAM_REPO: https://github.com/opencontainers/runc
  UPSTREAM_VER: '1.3.0'
  EXTRA_VER: r4u2

jobs:
  build:
    strategy:
      matrix:
        platform:
          - arch: amd64
            image: node-24
          # - arch: arm64
          #   image: node-24-arm64

    runs-on: ${{ matrix.platform.image }}
    timeout-minutes: 20

    steps:
      - name: checkout runc
        env:
          TAG: 'v${{ env.UPSTREAM_VER }}'
        run: |
          git config --global --add safe.directory $PWD
          git init
          git remote add origin "$UPSTREAM_REPO"
          git config --local gc.auto 0
          git fetch --depth=1 --no-tags --prune origin refs/tags/$TAG
          git checkout FETCH_HEAD

      - name: install build requirements
        run: |
          # needed for golang-1.23-go
          echo 'deb http://deb.debian.org/debian bookworm-backports main' \
            >>/etc/apt/sources.list
          apt update
          apt install --assume-yes \
            build-essential libseccomp-dev git ruby golang-1.23-go go-md2man
          gem install fpm
          echo "PATH=/usr/lib/go-1.23/bin:$PATH" >>$GITHUB_ENV

      - run: make static
      - run: make man

      - name: gzip text assets
        run: |
          for f in README.md CHANGELOG.md docs/*.md man/man8/*; do
            gzip -kv "$f"
          done

      - name: build deb
        run: |
          fpm \
            --input-type dir \
            --output-type deb \
            --name runc \
            --vendor robo4you \
            --maintainer 'Christoph Heiss <christoph.heiss@robo4you.at>' \
            --description 'CLI tool for spawning and running containers according to the OCI specification' \
            --url "$UPSTREAM_REPO" \
            --version "$UPSTREAM_VER" \
            --iteration "$EXTRA_VER" \
            --deb-priority medium \
            --deb-dist bookworm \
            --deb-upstream-changelog CHANGELOG.md \
            --depends 'libc6 >= 2.34' \
            --depends 'libseccomp2 >= 2.5.0' \
            --deb-recommends criu \
            runc=usr/bin/runc \
            runc=usr/sbin/runc \
            contrib/completions/bash/runc=usr/share/bash-completion/completions/runc \
            NOTICE=usr/share/doc/runc/NOTICE \
            README.md.gz=usr/share/doc/runc/README.md.gz \
            CHANGELOG.md.gz=usr/share/doc/runc/CHANGELOG.md.gz \
            docs/cgroup-v2.md.gz=usr/share/doc/runc/cgroup-v2.md.gz \
            docs/experimental.md.gz=usr/share/doc/runc/experimental.md.gz \
            docs/spec-conformance.md.gz=usr/share/doc/runc/spec-conformance.md.gz \
            docs/terminals.md.gz=usr/share/doc/runc/terminals.md.gz \
            docs/checkpoint-restore.md.gz=usr/share/doc/runc/checkpoint-restore.md.gz \
            docs/Security-Audit.pdf=usr/share/doc/runc/Security-Audit.pdf \
            docs/systemd.md.gz=usr/share/doc/runc/systemd.md.gz \
            man/man8/runc.8.gz=usr/share/man/man8/runc.8.gz \
            man/man8/runc-checkpoint.8.gz=usr/share/man/man8/runc-checkpoint.8.gz \
            man/man8/runc-create.8.gz=usr/share/man/man8/runc-create.8.gz \
            man/man8/runc-delete.8.gz=usr/share/man/man8/runc-delete.8.gz \
            man/man8/runc-events.8.gz=usr/share/man/man8/runc-events.8.gz \
            man/man8/runc-exec.8.gz=usr/share/man/man8/runc-exec.8.gz \
            man/man8/runc-kill.8.gz=usr/share/man/man8/runc-kill.8.gz \
            man/man8/runc-list.8.gz=usr/share/man/man8/runc-list.8.gz \
            man/man8/runc-pause.8.gz=usr/share/man/man8/runc-pause.8.gz \
            man/man8/runc-ps.8.gz=usr/share/man/man8/runc-ps.8.gz \
            man/man8/runc-restore.8.gz=usr/share/man/man8/runc-restore.8.gz \
            man/man8/runc-resume.8.gz=usr/share/man/man8/runc-resume.8.gz \
            man/man8/runc-run.8.gz=usr/share/man/man8/runc-run.8.gz \
            man/man8/runc-spec.8.gz=usr/share/man/man8/runc-spec.8.gz \
            man/man8/runc-start.8.gz=usr/share/man/man8/runc-start.8.gz \
            man/man8/runc-state.8.gz=usr/share/man/man8/runc-state.8.gz \
            man/man8/runc-update.8.gz=usr/share/man/man8/runc-update.8.gz \

          echo "DEBFILE=runc_${UPSTREAM_VER}-${EXTRA_VER}_${{ matrix.platform.arch }}.deb" \
            >>$GITHUB_ENV

      - name: print packages contents
        run: |
          echo "$DEBFILE:"
          dpkg-deb -c "$DEBFILE"
          echo

      - name: print packages control info
        run: |
          echo "$DEBFILE:"
          dpkg-deb -e "$DEBFILE"
          cat DEBIAN/control

      # https://forgejo.org/docs/latest/user/packages/debian/#publish-a-package
      - name: push deb to apt repository
        if: github.ref == 'refs/heads/master'
        env:
          REPO: ${{ github.repository }}
          TAG: ${{ steps.tag.outputs.tag }}
        run: |
          url="$GITHUB_SERVER_URL/api/packages/${{ github.repository_owner }}/debian/pool/bookworm/robo4you/upload"
          echo "api url: $url"

          echo "uploading file: $DEBFILE"

          curl --fail-with-body \
            -X PUT \
            --user "oauth2:${{ secrets.PACKAGE_REGISTRY_TOKEN }}" \
            --upload-file "$DEBFILE" \
            "$url"

          echo "final url: $GITHUB_SERVER_URL/${{ github.repository_owner }}/-/packages/debian/runc/${debver}"