---
name: build_vault

# This workflow is intended to be called by the build workflow for each Vault
# binary that needs to be built and packaged. The ci make targets that are
# utilized automatically determine build metadata and handle building and
# packing vault.

on:
  workflow_call:
    inputs:
      cgo-enabled:
        type: string
        default: 0
      create-packages:
        type: boolean
        default: true
      goos:
        required: true
        type: string
      goarch:
        required: true
        type: string
      go-tags:
        type: string
      package-name:
        type: string
        default: vault
      vault-version:
        type: string
        required: true
      web-ui-cache-key:
        type: string
        required: true

jobs:
  build:
    runs-on: custom-linux-xl-vault-latest
    name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }}
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      - uses: ./.github/actions/set-up-go
        with:
          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
      - name: Restore UI from cache
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
        with:
          # Restore the UI asset from the UI build workflow. Never use a partial restore key.
          enableCrossOsArchive: true
          fail-on-cache-miss: true
          path: http/web_ui
          key: ${{ inputs.web-ui-cache-key }}
      - name: Build Vault
        env:
          GO_TAGS: ${{ inputs.go-tags }}
          CGO_ENABLED: ${{ inputs.cgo-enabled }}
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        run:
            make ci-build
      - name: Determine artifact basename
        env:
          GOARCH: ${{ inputs.goarch }}
          GOOS: ${{ inputs.goos }}
          VERSION: ${{ inputs.vault-version }}
        run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV"
      - name: Bundle Vault
        env:
          BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip
        run: make ci-bundle
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.ARTIFACT_BASENAME }}.zip
          path: out/${{ env.ARTIFACT_BASENAME }}.zip
          if-no-files-found: error
      - if: ${{ inputs.create-packages }}
        uses: hashicorp/actions-packaging-linux@v1
        with:
          name: ${{ github.event.repository.name }}
          description: Vault is a tool for secrets management, encryption as a service, and privileged access management.
          arch: ${{ inputs.goarch }}
          version: ${{ inputs.vault-version }}
          maintainer: HashiCorp
          homepage: https://github.com/hashicorp/vault
          license: MPL-2.0
          binary: dist/${{ inputs.package-name }}
          deb_depends: openssl
          rpm_depends: openssl
          config_dir: .release/linux/package/
          preinstall: .release/linux/preinst
          postinstall: .release/linux/postinst
          postremove: .release/linux/postrm
      - if: ${{ inputs.create-packages }}
        name: Determine package file names
        run: |
          echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
          echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.RPM_PACKAGE }}
          path: out/${{ env.RPM_PACKAGE }}
          if-no-files-found: error
      - if: ${{ inputs.create-packages }}
        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: ${{ env.DEB_PACKAGE }}
          path: out/${{ env.DEB_PACKAGE }}
          if-no-files-found: error