name: Runners

# Revert to https://github.com/actions-runner-controller/releases#releases
# for details on why we use this approach
on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - 'master'
    paths:
      - 'runner/**'
      - '!runner/Makefile'
      - '.github/workflows/runners.yaml'
      - '!**.md'
  # We must do a trigger on a push: instead of a types: closed so GitHub Secrets 
  # are available to the workflow run
  push:
    branches:
      - 'master'
    paths:
      - 'runner/**'
      - '!runner/Makefile'
      - '.github/workflows/runners.yaml'
      - '!**.md'

env:
  # Safeguard to prevent pushing images to registeries after build  
  PUSH_TO_REGISTRIES: true
  TARGET_ORG: actions-runner-controller
  TARGET_WORKFLOW: release-runners.yaml
  RUNNER_VERSION: 2.300.2
  DOCKER_VERSION: 20.10.21
  RUNNER_CONTAINER_HOOKS_VERSION: 0.2.0

jobs:
  build-runners:
    name: Trigger Build and Push of Runner Images
    runs-on: ubuntu-latest
    steps:
      - name: Get Token
        id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@8e1ba3bf1619726336414f1014e37f17fbadf1db
        with:
          application_id: ${{ secrets.ACTIONS_ACCESS_APP_ID }}
          application_private_key: ${{ secrets.ACTIONS_ACCESS_PK }}
          organization: ${{ env.TARGET_ORG }}

      - name: Trigger Build And Push Runner Images To Registries
        run: |
          # Authenticate
          gh auth login --with-token <<< ${{ steps.get_workflow_token.outputs.token }}

          # Trigger the workflow run
          gh workflow run ${{ env.TARGET_WORKFLOW }} -R ${{ env.TARGET_ORG }}/releases \
            -f runner_version=${{ env.RUNNER_VERSION }} \
            -f docker_version=${{ env.DOCKER_VERSION }} \
            -f runner_container_hooks_version=${{ env.RUNNER_CONTAINER_HOOKS_VERSION }} \
            -f sha='${{ github.sha }}' \
            -f push_to_registries=${{ env.PUSH_TO_REGISTRIES }}