---

# Main collection of env. vars to set for all tasks and scripts.
env:
    ####
    #### Global variables used for all tasks
    ####
    # File to update in home-dir with task-specific env. var values
    ENVLIB: ".bash_profile"
    GOPATH: "/var/tmp/go"
    PATH: "${PATH}:${GOPATH}"
    IMAGE_PROJECT: "libpod-218412"
    CRIO_REPO: "https://github.com/cri-o/cri-o.git"
    CRIO_SLUG: "github.com/cri-o/cri-o"
    CONMON_SLUG: "github.com/containers/conmon"

    # Overrides default location (/tmp/cirrus) for repo clone (will become $SRC)
    CIRRUS_WORKING_DIR: "${GOPATH}/src/${CONMON_SLUG}"
    # Required so $ENVLIB gets loaded and /bin/sh is not used
    CIRRUS_SHELL: "/bin/bash"
    # Save a little typing (path relative to $CIRRUS_WORKING_DIR)
    SCRIPT_BASE: "./contrib/cirrus"
    # Spoof self as travis, as cirrus has the same test issues as travis does
    TRAVIS: "true"
    FEDORA_CONTAINER_FQIN: "registry.fedoraproject.org/fedora:32"
    PRIOR_FEDORA_CONTAINER_FQIN: "registry.fedoraproject.org/fedora:31"

    # VM Images are maintained in the libpod repo.
    _BUILT_IMAGE_SUFFIX: "podman-6530021898584064" 
    FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}"

    ####
    #### Credentials and other secret-sauces, decrypted at runtime when authorized.
    ####
    # Needed to build GCE images, within a GCE VM
    SERVICE_ACCOUNT: ENCRYPTED[0aad0b5961402c8b8e4abd48fc4d4ac762f608f32e9169381b911d19699990df1a1441897ffa94def46ff73a19ba7577]
    # User ID for cirrus to ssh into VMs
    GCE_SSH_USERNAME: ENCRYPTED[be60deec03db4cc5ef121397e465c6cd4f043f3c31787b2a46661e09909f2675e339e051dd89d13775d9473504432ad0]
    # Name where this repositories cloud resources are located
    GCP_PROJECT_ID: ENCRYPTED[bcc747708a4e2e2e493e4c479efd9cb7b38caf39c7120d849dd859250303b64cbb4d016779e128b6e2e5c5f732d54726]

# Only github users with write-access can define or use encrypted variables
# This credential represents a service account with access to manage both VMs
# and storage.
gcp_credentials: ENCRYPTED[13e51806369f650e6ccc326338deeb3c24052fc0a7be29beef2b96da551aed3200abbb6c6406a936bb4388fb2758405c]

# Default VM to use unless set or modified by task
gce_instance:
    image_project: "${IMAGE_PROJECT}"
    zone: "us-central1-c"  # Required by Cirrus for the time being
    cpu: 2
    memory: "4Gb"
    disk: 200  # Required for performance reasons
    image_name: "${FEDORA_CACHE_IMAGE_NAME}"

# Default timeout for each task
timeout_in: '120m'

# this task runs the conmon integration tests
integration_task:

    depends_on:
        - 'config'
        - 'fmt'

    gce_instance:
        matrix:
            # Images are generated separately, from build_images_task (below)
            image_name: "${FEDORA_CACHE_IMAGE_NAME}"

    integration_test_script: '$SCRIPT_BASE/integration_test.sh'


# Verify conmon package can be built and installed on Fedora
fedora_packaging_task:

    # Runs within Cirrus's "community cluster"
    container:
        matrix:
            image: "${FEDORA_CONTAINER_FQIN}"
            image: "${PRIOR_FEDORA_CONTAINER_FQIN}"
        cpu: 4
        memory: 12

    script:
        - dnf install -y make glib2-devel git gcc rpm-build
        - cd $CIRRUS_WORKING_DIR
        - make
        - make -f .rpmbuild/Makefile
        - rpmbuild --rebuild conmon-*.src.rpm
        - dnf -y install ~/rpmbuild/RPMS/x86_64/conmon*.x86_64.rpm
        - ls -l /usr/bin/conmon

    timeout_in: '20m'

# Verify calls to bin/config were saved
config_task:
    # Runs within Cirrus's "community cluster"
    container:
        matrix:
               # fedora:28 doesn't have go mod by default
               # and we should only need one check to make sure
               # config changes were synced
            image: "${FEDORA_CONTAINER_FQIN}"
        cpu: 4
        memory: 12

    script:
        - dnf install -y make glib2-devel git gcc golang
        - cd $CIRRUS_WORKING_DIR
        - make config
        - ./hack/tree_status.sh

# Verify code was fmt'ed properly
fmt_task:
    # Runs within Cirrus's "community cluster"
    container:
        matrix:
               # fedora:28 doesn't have go mod by default
               # and we should only need one check to make sure
               # config changes were synced
            image: "${FEDORA_CONTAINER_FQIN}"
        cpu: 4
        memory: 12

    script:
        - dnf install -y make glib2-devel git gcc rpm-build clang golang
        - cd $CIRRUS_WORKING_DIR
        - make fmt
        - ./hack/tree_status.sh

# Build the static binary
static_binary_task:
    depends_on:
        - 'config'
        - 'fmt'

    gce_instance:
        image_name: "${FEDORA_CACHE_IMAGE_NAME}"
        cpu: 8
        memory: 12
        disk: 200

    init_script: |
        set -ex
        setenforce 0
        growpart /dev/sda 1 || true
        resize2fs /dev/sda1 || true
        yum -y install podman

    nix_cache:
      folder: '.cache'
      fingerprint_script: |
        echo "nix-v1-$(sha1sum nix/nixpkgs.json | head -c 40)"

    build_script: |
        set -ex
        mkdir -p .cache
        mv .cache /nix
        if [[ -z $(ls -A /nix) ]]; then podman run --rm --privileged -ti -v /:/mnt nixos/nix cp -rfT /nix /mnt/nix; fi
        podman run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
        mv /nix .cache
        chown -Rf $(whoami) .cache

    binaries_artifacts:
        path: "result/bin/conmon"