name: macOS image generation
on:
  workflow_call:
    inputs:
      image_label:
        type: string
        description: macOS codename
        required: true
      base_image_name:
        type: string
        description: Base clean image
        required: true
      template_path:
        type: string
        description: Packer template path
        required: true
      target_datastore:
        type: string
        description: Image datastore
        required: true
      custom_repo:
        type: string
        description: Custom repo to checkout
        required: false
      custom_repo_commit_hash:
        type: string
        description: Custom repo commit hash
        required: false

env:
  KEYVAULT: imagegeneration
  ESXI_CLUSTER: mcv2-build-unstable
  VCENTER_DATACENTER: imagegen
  OUTPUT_FOLDER: mms-output
  BUILD_DATASTORE: ds-image

defaults:
  run:
    shell: pwsh

jobs:
  build:
    #
    # "macos-vmware" is dedicated runner not available in forks.
    # to reduce undesired run attempts in forks, stick jobs to "actions" organization only
    #
    runs-on: macos-vmware
    if: ${{ github.repository_owner == 'actions' }}
    timeout-minutes: 1200
    steps:
    - name: Set image variables
      run: |
        $currentDate = Get-Date -Format "yyyyMMdd"
        $templatePath = "${{ inputs.template_path }}"
        $osName = $(($templatePath.Split("/")[-1]).Split(".")[0])
        $virtualMachineName = "${osName}_${currentDate}_unstable.${{ github.run_id }}.${{ github.run_attempt }}"
        "VM_NAME=$virtualMachineName" | Out-File -Append -FilePath $env:GITHUB_ENV

    - name: Determine checkout type
      run: |
        if ("${{ inputs.custom_repo }}" -and "${{ inputs.custom_repo_commit_hash }}") {
            $checkoutType = "custom_repo"
        } elseif (("${{ github.event_name }}" -eq "pull_request_target") -and ("${{ github.event.action }}" -eq "labeled" )) {
            $checkoutType = "pull_request"
        } else {
            $checkoutType = "main"
        }
        "CHECKOUT_TYPE=$checkoutType" | Out-File -Append $env:GITHUB_ENV

    - name: Checkout repository
      if: ${{ env.CHECKOUT_TYPE == 'main' }}
      uses: actions/checkout@v3
      with:
        repository: actions/runner-images

    - name: Checkout PR
      if: ${{ env.CHECKOUT_TYPE == 'pull_request' }}
      uses: actions/checkout@v3
      with:
        ref: ${{ github.event.pull_request.head.sha }}

    - name: Checkout custom repository
      if: ${{ env.CHECKOUT_TYPE == 'custom_repo' }}
      uses: actions/checkout@v3
      with:
        repository: '${{ inputs.custom_repo }}'
        ref: '${{ inputs.custom_repo_commit_hash }}'

    - name: Validate contributor permissions
      if: ${{ github.event_name == 'pull_request_target' }}
      run: |
        [string]$contributorAllowList = "${{ vars.CONTRIBUTOR_ALLOWLIST }}"
        ./images.CI/macos/validate-contributor.ps1 `
          -RepositoryName ${{ github.repository }} `
          -AccessToken ${{ secrets.GH_FEED }} `
          -SourceBranch "refs/pull/${{ github.event.pull_request.number }}/merge" `
          -ContributorAllowList $contributorAllowList

    - name: Select datastore
      run: |
        ./images.CI/macos/select-datastore.ps1 `
          -VMName "${{ env.VM_NAME }}" `
          -VIServer ${{ secrets.VISERVER_V2 }} `
          -VIUserName ${{ secrets.VI_USER_NAME }} `
          -VIPassword ${{ secrets.VI_PASSWORD }} `
          -Cluster ${{ env.ESXI_CLUSTER }}

    - name: Create xcversion session cookie file
      shell: bash
      run: |
        mkdir -p ${{ runner.temp }}/xcversion-cookie
        cookie='${{ secrets.XCVERSION_AUTH_COOKIE }}'
        echo "$cookie" > ${{ runner.temp }}/xcversion-cookie/cookie

    - name: Build VM
      run: |
        $SensitiveData = @(
          'IP address:',
          'Using ssh communicator to connect:'
        )
         packer build -on-error=abort `
        -var="vcenter_server=${{ secrets.VISERVER_V2 }}" `
        -var="vcenter_username=${{ secrets.VI_USER_NAME }}" `
        -var="vcenter_password=${{ secrets.VI_PASSWORD }}" `
        -var="vcenter_datacenter=${{ env.VCENTER_DATACENTER }}" `
        -var="cluster_or_esxi_host=${{ env.ESXI_CLUSTER }}" `
        -var="esxi_datastore=${{ env.BUILD_DATASTORE }}" `
        -var="output_folder=${{ env.OUTPUT_FOLDER }}" `
        -var="vm_username=${{ secrets.VM_USERNAME }}" `
        -var="vm_password=${{ secrets.VM_PASSWORD }}" `
        -var="github_api_pat=${{ secrets.GH_FEED_TOKEN }}" `
        -var="build_id=${{ env.VM_NAME }}" `
        -var="baseimage_name=${{ inputs.base_image_name }}" `
        -var="xcode_install_user=${{ secrets.XCODE_USER }}" `
        -var="xcode_install_password=${{ secrets.XCODE_PASSWORD }}" `
        -var="xcversion_auth_cookie=${{ env.XCVERSION_COOKIE_PATH }}" `
        -color=false `
        ${{ inputs.template_path }} `
        | Where-Object {
            #Filter sensitive data from Packer logs
            $currentString = $_
            $sensitiveString = $SensitiveData | Where-Object { $currentString -match $_ }
            $sensitiveString -eq $null
        }
      working-directory: images/macos
      env:
        PACKER_LOG: 1
        PACKER_LOG_PATH: ${{ runner.temp }}/packer-log.txt
        XCVERSION_COOKIE_PATH: ${{ runner.temp }}/xcversion-cookie/cookie

    - name: Prepare artifact
      shell: bash
      run: |
        echo "Preparing artifact directory"
        mkdir -p ${{ runner.temp }}/artifacts

        echo "Copy image output files"
        cp -R "images/image-output/software-report/." "${{ runner.temp }}/artifacts"

        echo "Put VM name to 'VM_Done_Name' file"
        echo "${{ env.VM_NAME }}" > "${{ runner.temp }}/artifacts/VM_Done_Name"

    - name: Print markdown software report
      run: |
        Get-Content "${{ runner.temp }}/artifacts/systeminfo.md"

    - name: Print json software report
      run: |
        Get-Content "${{ runner.temp }}/artifacts/systeminfo.json"

    - name: Publish Artifacts
      uses: actions/upload-artifact@v3
      with:
        name: Built_VM_Artifacts
        path: ${{ runner.temp }}/artifacts/

    - name: Print provisioners duration
      run: |
        ./images.CI/measure-provisioners-duration.ps1 `
          -PackerLogPath "${{ runner.temp }}/packer-log.txt" `
          -PrintTopNLongest 25

    - name: Move vm to cold storage and clear datastore tag
      if: ${{ always() }}
      run: |
        ./images.CI/macos/move-vm.ps1 `
          -VMName "${{ env.VM_NAME }}" `
          -TargetDataStore "${{ inputs.target_datastore }}" `
          -VIServer "${{ secrets.VISERVER_V2 }}" `
          -VIUserName "${{ secrets.VI_USER_NAME }}" `
          -VIPassword "${{ secrets.VI_PASSWORD }}" `
          -JobStatus "${{ job.status }}"

    - name: Set VM size
      run: |
        $cpuCount = 3
        $coresPerSocketCount = 3
        $memory = 14336

        ./images.CI/macos/set-vm-size.ps1 `
          -VMName "${{ env.VM_NAME }}" `
          -CpuCount "$cpuCount" `
          -CoresPerSocketCount "$coresPerSocketCount" `
          -Memory "$memory" `
          -VIServer "${{ secrets.VISERVER_V2 }}" `
          -VIUserName "${{ secrets.VI_USER_NAME }}" `
          -VIPassword "${{ secrets.VI_PASSWORD }}"

    - name: Destroy VM (if build canceled only)
      if: ${{ cancelled() }}
      run: |
        ./images.CI/macos/destroy-vm.ps1 `
          -VMName "${{ env.VM_NAME }}" `
          -VIServer "${{ secrets.VISERVER_V2 }}" `
          -VIUserName "${{ secrets.VI_USER_NAME }}" `
          -VIPassword "${{ secrets.VI_PASSWORD }}"