.github/workflows/build.yaml

name: build
on:
  pull_request:
    branches:
      - master
  push:
    branches:
      - master

permissions:
  contents: read
  packages: write
  pull-requests: write

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    strategy:
      matrix:
        enable:
          - PROCESS_AGENT=0 SECURITY_AGENT=0 TRACE_AGENT=0 BUILD_INTEGRATIONS_BUILDER=1
          - PROCESS_AGENT=1 SECURITY_AGENT=0 TRACE_AGENT=0
          - PROCESS_AGENT=1 SECURITY_AGENT=0 TRACE_AGENT=1
          - PROCESS_AGENT=1 SECURITY_AGENT=1 TRACE_AGENT=1
    steps:
      - name: Free disk space
        run: |
          sudo rm -rf /usr/share/dotnet
          sudo rm -rf /opt/ghc
          sudo rm -rf "/usr/local/share/boost"
          sudo rm -rf "${AGENT_TOOLSDIRECTORY}"
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup environment variables
        run: |
          echo ${{ matrix.enable }} \
            | xargs -n1 echo \
            | xargs -n1 -I{} echo ENABLE_{} >> ${GITHUB_ENV}

      - name: Cache docker layers
        uses: actions/cache@v3
        with:
          path: /tmp/layer-cache
          key: layer-cache-${{ matrix.enable }}-${{ hashFiles('*Dockerfile') }}
          restore-keys: |
            layer-cache-${{ matrix.enable }}-
            layer-cache-

      - name: Get image tag
        id: tag
        run: make show-image-tag
      - name: Prepare cache and pull latest release to reuse layers
        uses: seqsense/sq-actions/buildx-pull@main
        id: layer-cache
        with:
          IMAGES: |
            ghcr.io/${{ github.repository_owner }}/${{ steps.tag.outputs.tag }}
            ghcr.io/${{ github.repository_owner }}/${{ steps.tag.outputs.tag }}-integrations-builder

      - name: Set up Docker Buildx for enabling cache exporters
        uses: docker/setup-buildx-action@v3
        with:
          driver: docker-container
          driver-opts: network=host

      - name: Build images
        timeout-minutes: 45
        env:
          BUILDX_OPTS: >-
            ${{ steps.layer-cache.outputs.buildx-opts }}
            --cache-from type=local,src=/tmp/layer-cache/main
            --cache-to type=local,mode=max,dest=/tmp/layer-cache/main
        run: make docker-build BUILD_OPTS="${BUILD_OPTS}"
      - name: Embed inline cache
        timeout-minutes: 5
        env:
          BUILDX_OPTS: >-
            --load
            --cache-from type=local,src=/tmp/layer-cache/main
            --cache-to type=inline
        run: make docker-build BUILD_OPTS="${BUILD_OPTS}"
      - name: Get image tag
        id: full-tag
        run: make show-image-full-tag

      - name: Build integrations-builder
        if: env.ENABLE_BUILD_INTEGRATIONS_BUILDER == 1
        env:
          BUILDX_OPTS: >-
            --build-arg BASE_IMAGE_PREFIX=${{ steps.layer-cache.outputs.registry-addr }}/
            ${{ steps.layer-cache.outputs.buildx-opts }}
            --cache-from type=local,src=/tmp/layer-cache/main
            --cache-from type=local,src=/tmp/layer-cache/integ
            --cache-to type=local,mode=max,dest=/tmp/layer-cache/integ
        run: |
          docker tag \
            ${{ steps.tag.outputs.tag }} \
            ${{ steps.layer-cache.outputs.registry-addr }}/${{ steps.tag.outputs.tag }}
          docker push ${{ steps.layer-cache.outputs.registry-addr }}/${{ steps.tag.outputs.tag }}
          make docker-build-integrations-builder
      - name: Embed inline cache to integrations-builder
        if: env.ENABLE_BUILD_INTEGRATIONS_BUILDER == 1
        env:
          BUILDX_OPTS: >-
            --load
            --build-arg BASE_IMAGE_PREFIX=${{ steps.layer-cache.outputs.registry-addr }}/
            --cache-from type=local,src=/tmp/layer-cache/integ
            --cache-to type=inline
        run: make docker-build-integrations-builder

      - name: Login to GitHub Container Registry
        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Deploy
        if: github.event_name == 'push' && github.ref == 'refs/heads/master'
        run: |
          docker tag \
            ${{ steps.tag.outputs.tag }} \
            ghcr.io/${{ github.repository_owner }}/${{ steps.full-tag.outputs.full_tag }}
          docker push \
            ghcr.io/${{ github.repository_owner }}/${{ steps.full-tag.outputs.full_tag }}
          docker tag \
            ${{ steps.tag.outputs.tag }} \
            ghcr.io/${{ github.repository_owner }}/${{ steps.tag.outputs.tag }}
          docker push \
            ghcr.io/${{ github.repository_owner }}/${{ steps.tag.outputs.tag }}

      - name: Deploy integrations-builder
        if: github.event_name == 'push' && github.ref == 'refs/heads/master' && env.ENABLE_BUILD_INTEGRATIONS_BUILDER == 1
        run: |
          docker tag \
            ${{ steps.tag.outputs.tag }}-integrations-builder \
            ghcr.io/${{ github.repository_owner }}/${{ steps.full-tag.outputs.full_tag }}-integrations-builder
          docker push \
            ghcr.io/${{ github.repository_owner }}/${{ steps.full-tag.outputs.full_tag }}-integrations-builder

      - name: Notify failure
        uses: seqsense/sq-actions/notify-branch-build@main
        if: failure() && github.event_name == 'push'
        with:
          title: ":x: Release failed"