ipxe/.github/workflows/ali-import.yml

name: Alibaba Cloud Import

on:
  push:
    branches:
      - alitest
  workflow_dispatch:

env:
  MAKEFLAGS: "-j4 GITVERSION=${{ github.sha }}"

jobs:

  build:
    name: Build / ${{ matrix.arch }}-${{ matrix.platform }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: arm64
            platform: efi
          - arch: x86_64
            platform: efi
          - arch: x86_64
            platform: pcbios
    container:
      image: ghcr.io/ipxe/ipxe-builder-${{ matrix.arch }}
    env:
      bindir: bin-${{ matrix.arch }}-${{ matrix.platform }}
    steps:

      - name: Check out code
        uses: actions/checkout@v6

      - name: Build
        working-directory: src
        run: |
          make CONFIG=cloud EMBED=config/cloud/ali.ipxe \
               ${{ env.bindir }}/ipxe.usb

      - name: Upload
        uses: actions/upload-artifact@v6
        with:
          name: ${{ env.bindir }}
          if-no-files-found: error
          path: |
            src/${{ env.bindir }}/ipxe.usb

  import:
    name: Import
    runs-on: ubuntu-latest
    needs:
      - build
    container:
      image: ghcr.io/ipxe/ipxe-builder-cloud
    env:
      binaries: >-
        bin-arm64-efi/ipxe.usb
        bin-x86_64-efi/ipxe.usb
        bin-x86_64-pcbios/ipxe.usb
      family: >-
        ${{ github.ref == 'refs/heads/alitest' && '--family ipxetest' || '' }}
    environment: ali-import
    permissions:
      id-token: write
      contents: read
    steps:

      - name: Check out code
        uses: actions/checkout@v6

      - name: Download
        uses: actions/download-artifact@v7
        with:
          path: src
          pattern: "bin-*"

      - name: Log in
        uses: aliyun/configure-aliyun-credentials-action@v1
        with:
          role-to-assume: ${{ vars.ALICLOUD_ROLE }}
          oidc-provider-arn: ${{ vars.ALICLOUD_IDP }}

      - name: Log in (OSS)
        run: |
          cat >> "${GITHUB_ENV}" <<EOF
          OSS_ACCESS_KEY_ID=${ALIBABA_CLOUD_ACCESS_KEY_ID}
          OSS_ACCESS_KEY_SECRET=${ALIBABA_CLOUD_ACCESS_KEY_SECRET}
          OSS_SESSION_TOKEN=${ALIBABA_CLOUD_SECURITY_TOKEN}
          EOF

      - name: Import
        working-directory: src
        run: |
          ../contrib/cloud/ali-import \
              --verbose \
              --public \
              --overwrite \
              ${{ env.family }} \
              ${{ env.binaries }}