.cirrus.yml

---

# Ref: https://cirrus-ci.org/guide/writing-tasks/

# Global environment variables
env:
    # Name of the typical destination branch for PRs.
    DEST_BRANCH: "main"

# Execute all unit-tests in the repo
cirrus-ci/unit-test_task:
    only_if: &not_docs $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*'
    # Default task runtime environment
    container: &ci_container
        dockerfile: ci/Dockerfile
        cpu: 1
        memory: 1
    env:
        CIRRUS_CLONE_DEPTH: 0
    script:
        - git fetch --tags |& tee /tmp/test_output.log
        - $CIRRUS_WORKING_DIR/bin/run_all_tests.sh |& tee -a $CIRRUS_WORKING_DIR/output.log
    always:
        test_output_artifacts:
            path: '*.log'

cirrus-ci/renovate_validation_task:
    only_if: *not_docs
    container:
        image: "ghcr.io/renovatebot/renovate:latest"
    preset_validate_script:
        - renovate-config-validator $CIRRUS_WORKING_DIR/renovate/defaults.json5
    repo_validate_script:
        - renovate-config-validator $CIRRUS_WORKING_DIR/.github/renovate.json5

# This is the same setup as used for Buildah CI
gcp_credentials: ENCRYPTED[fc95bcc9f4506a3b0d05537b53b182e104d4d3979eedbf41cf54205be6397ca0bce0831d0d47580cf578dae5776548a5]

cirrus-ci/build-push_test_task:
    only_if: *not_docs
    container: *ci_container
    depends_on:
        - cirrus-ci/unit-test
    gce_instance:
        cpu: 2
        memory: "4Gb"
        disk: 200  # Gigabytes, do not set less as per gcloud warning message
                   # re: I/O performance
        # This repo. is subsequently used in and for building custom VM images
        # in containers/automation_images.  Avoid circular dependencies by using
        # only stock, google-managed generic image.  This also avoids needing to
        # update custom-image last-used timestamps.
        image_project: centos-cloud
        image_family: centos-stream-9
    timeout_in: 30
    env:
        CIMG: quay.io/buildah/stable:latest
        TEST_FQIN: quay.io/buildah/do_not_use
        # Robot account credentials for test-push to
        # $TEST_FQIN registry by build-push/test/testbuilds.sh
        BUILDAH_USERNAME: ENCRYPTED[53fd8becb599dda19f335d65cb067c46da3f0907eb83281a10554def11efc89925f7ca145ba7436afc3c32d936575142]
        BUILDAH_PASSWORD: ENCRYPTED[aa6352251eba46e389e4cfc6e93eee3852008ecff67b940cba9197fd8bf95de15d498a6df2e7d5edef052e97d9b93bf0]
    setup_script:
        - dnf install -y podman
        - bash build-push/test/qemusetup.sh
        - >-
            podman run --detach --name=buildah
            --net=host --ipc=host --pid=host
            --cgroupns=host --privileged
            --security-opt label=disable
            --security-opt seccomp=unconfined
            --device /dev/fuse:rw
            -v $PWD:$PWD:Z -w $PWD
            -e BUILD_PUSH_TEST_BUILDS=true
            -e CIRRUS_CI -e TEST_FQIN
            -e BUILDAH_USERNAME -e BUILDAH_PASSWORD
            $CIMG
            sh -c 'while true ;do sleep 2h ; done'
        - podman exec -i buildah dnf install -y jq skopeo
    test_script:
        - podman exec -i buildah ./build-push/test/run_all_tests.sh


# Represent primary Cirrus-CI based testing (Required for merge)
cirrus-ci/success_task:
    container: *ci_container
    depends_on: &everything
        - cirrus-ci/unit-test
        - cirrus-ci/build-push_test
        - cirrus-ci/renovate_validation
    clone_script: mkdir -p "$CIRRUS_WORKING_DIR"
    script: >-
        echo "Required for Action Workflow: https://github.com/${CIRRUS_REPO_FULL_NAME}/actions/runs/${GITHUB_CHECK_SUITE_ID}"


# Represent secondary Github Action based testing (Required for merge)
# N/B: NO other task should depend on this task. Doing so will prevent
#      the cirrus-ci_retrospective github action.  This is because the
#      action trigers `on: check-suite: completed` event, which cannot
#      fire since the manual task has dependencies that cannot be
#      satisfied.
github-actions/success_task:
    container: *ci_container
    # Note: ***DO NOT*** manually trigger this task under normal circumstances.
    #       It is triggered automatically by the cirrus-ci_retrospective
    #       Github Action.  This action is responsible for testing the PR changes
    #       to the action itself.
    trigger_type: manual
    # Only required for PRs, never tag or branch testing
    only_if: $CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*' && $CIRRUS_PR != ''
    depends_on: *everything
    clone_script: mkdir -p "$CIRRUS_WORKING_DIR"
    script: >-
        echo "Triggered by Github Action Workflow: https://github.com/${CIRRUS_REPO_FULL_NAME}/actions/runs/${GITHUB_CHECK_SUITE_ID}"