# Builds and smoke-tests the httpd demo image. Whether anything is published
# is decided by the `push` expressions further down in this workflow.
name: httpd

on:
  # Pushes to main that touch the httpd demo or this workflow file.
  push:
    branches:
      - 'main'
    paths:
      - '.github/workflows/httpd.yml'
      - 'httpd/**'
  # Pull requests targeting main, with the same path filter.
  pull_request:
    branches:
      - 'main'
    paths:
      - '.github/workflows/httpd.yml'
      - 'httpd/**'
  # Entry point for other workflows that reuse this one.
  workflow_call:
    inputs:
      build_main:
        description: 'Build using liboqs and oqsprovider main branches'
        required: false
        default: false
        type: boolean
      release_tag:
        description: 'Which docker tag to push to'
        required: false
        type: string
  # Manual runs accept the same two inputs as workflow_call; the two input
  # lists are maintained by hand and must be kept in sync.
  workflow_dispatch:
    inputs:
      build_main:
        description: 'Build using liboqs and oqsprovider main branches'
        required: false
        default: false
        type: boolean
      release_tag:
        description: 'Which docker tag to push to'
        required: false
        type: string

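env:
  # Build arguments that switch liboqs and oqs-provider to their main
  # branches. Appended to each image build only when `build_main` is set.
  build-args: |
    LIBOQS_TAG=main
    OQSPROVIDER_TAG=main
  # Publish gate, rendered to the string 'true' or 'false' (env values are
  # always strings, hence the `env.push == 'true'` checks below).
  # `build_main` is declared `type: boolean`, so it is compared with the
  # boolean `true`: GitHub coerces mismatched types to numbers, which made
  # the former `!= 'true'` test always pass and let main-branch builds be
  # published under the release tag.
  push: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != true }}

jobs:
  build:
    # Least privilege for GITHUB_TOKEN: read the repository for checkout,
    # write packages for the ghcr.io push. When this workflow is reused via
    # workflow_call, the caller must grant at least these scopes.
    permissions:
      contents: read
      packages: write
    strategy:
      fail-fast: false
      matrix:
        include:
          - arch: x86_64
            runner: ubuntu-latest
          # NOTE(review): `oqs-arm64` is not a standard GitHub-hosted runner
          # label. If it is self-hosted, pull_request runs execute Dockerfiles
          # from the PR on that machine - confirm it is ephemeral/isolated.
          - arch: arm64
            runner: oqs-arm64
    runs-on: ${{ matrix.runner }}
    steps:
      # NOTE(review): the actions below are referenced by mutable tag
      # (`@v4`, `@v3`, `@v6`). Pinning each to a full commit SHA, e.g.
      # `uses: docker/login-action@<FULL_COMMIT_SHA>  # v3`, prevents a
      # re-pointed tag from running new code alongside the registry
      # credentials.
      - uses: actions/checkout@v4
        with:
          # No later step runs git, so do not leave the token in .git/config
          # while code from the checked-out ref is being built.
          persist-credentials: false
      # Docker Hub credentials are only loaded when the run will publish.
      - uses: docker/login-action@v3
        if: env.push == 'true'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): unlike the Docker Hub login, this one is not gated on
      # env.push, so registry credentials are also stored during
      # pull_request runs. Gate it the same way unless the builds need to
      # pull from ghcr.io - confirm.
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Images are loaded into the local daemon under the names the test
      # step uses.
      - name: Build the httpd Docker image
        uses: docker/build-push-action@v6
        with:
          load: true
          context: httpd
          build-args: |
            MAKE_DEFINES=-j4
            ${{ inputs.build_main == true && env.build-args || null }}
          tags: oqs-httpd

      - name: Build the curl Docker image
        uses: docker/build-push-action@v6
        with:
          load: true
          context: curl
          build-args: |
            MAKE_DEFINES=-j4
            ${{ inputs.build_main == true && env.build-args || null }}
          tags: oqs-curl

      # Smoke test: start the server, then fetch its front page with the
      # client restricted to `--curves kyber768`.
      # NOTE(review): `-k` turns off certificate verification, so a pass
      # shows that the handshake and request complete, not that the server
      # certificate chains to a trusted root.
      # NOTE(review): the fixed `sleep 2` is the only readiness wait, and the
      # container and network are not removed afterwards.
      - name: Test httpd using curl
        run: |
          docker network create httpd-test &&
          docker run --network httpd-test --detach --rm --name oqs-httpd oqs-httpd &&
          sleep 2 &&
          docker run --network httpd-test oqs-curl curl -k https://oqs-httpd:4433 --curves kyber768

      # NOTE(review): this step runs the build again instead of pushing the
      # image that was just tested; presumably the layer cache makes the two
      # identical - confirm.
      - name: Push Docker image to registries
        if: env.push == 'true'
        uses: docker/build-push-action@v6
        with:
          push: true
          context: httpd
          build-args: |
            MAKE_DEFINES=-j4
            ${{ inputs.build_main == true && env.build-args || null }}
          # One tag per architecture; `release_tag` falls back to 'latest'.
          tags: |
            ghcr.io/${{ github.repository_owner }}/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}
            openquantumsafe/httpd:${{ inputs.release_tag || 'latest' }}-${{ matrix.arch }}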

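  push:
    # Runs the repository's local `manifest` action for the httpd image once
    # every architecture build has finished (presumably to combine the
    # per-architecture tags - the action itself is not visible here).
    # `build_main` is declared `type: boolean`, so it is compared with the
    # boolean `true`; the former `!= 'true'` string comparison always passed
    # and never skipped this job for main-branch builds.
    if: ${{ github.repository == 'open-quantum-safe/oqs-demos' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request' && inputs.build_main != true }}
    needs: build
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets
    # the repository or caller defaults; declare only what the manifest
    # action needs once that is confirmed.
    steps:
      # NOTE(review): a `./` action path is resolved inside the job workspace
      # and no checkout step is visible in this job - confirm the action is
      # found at run time.
      - uses: ./.github/workflows/manifest
        with:
          image_name: httpd
          release_tag: ${{ inputs.release_tag || 'latest' }}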