# Build and release custom Talos CM5 image
#
# Triggered by pushing a version tag (e.g. v1.11.5-1)
# Runs on ARM64 self-hosted runner (ASUS GX10)
#
# Produces:
#   - Installer container image → Docker Hub (svrnty/talos-rpi5:<tag>)
#   - Raw disk image → Gitea release (metal-arm64.raw.zst)
#
# Runner: Apple Silicon Mac Mini (self-hosted, macOS, arm64)

name: Build Talos CM5 Image

on:
  push:
    tags:
      - 'v*.*.*'

jobs:
  build:
    runs-on: [self-hosted, macos]
    timeout-minutes: 180

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Verify Docker is running
        run: docker info

      - name: Set up Docker Buildx
        run: |
          docker buildx version
          docker buildx create --name talos-builder --driver docker-container --use 2>/dev/null || docker buildx use talos-builder
          docker buildx inspect --bootstrap

      - name: Login to Docker Hub
        run: echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin

      - name: Extract version tag
        id: version
        run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"

      - name: Clone upstream sources
        run: make checkouts

      - name: Apply patches
        run: make patches

      - name: Build kernel
        run: make kernel

      - name: Build SBC overlay
        run: make overlay

      - name: Build installer and disk image
        run: make installer

      - name: Tag release images
        run: make release TAG=${{ steps.version.outputs.tag }}

      - name: Compress disk image
        run: |
          # The imager outputs to checkouts/talos/_out/
          DISK_IMAGE=$(find checkouts/talos/_out -name 'metal-arm64*.raw*' | head -1)
          if [ -z "$DISK_IMAGE" ]; then
            echo "Error: disk image not found in checkouts/talos/_out/"
            find checkouts/talos/_out -type f
            exit 1
          fi
          # Copy to workspace root for release upload
          cp "$DISK_IMAGE" metal-arm64.raw.zst
          ls -lh metal-arm64.raw.zst

      - name: Create Gitea release and upload artifact
        env:
          GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          TAG: ${{ steps.version.outputs.tag }}
        run: |
          GITEA_URL="${GITHUB_SERVER_URL}"
          REPO="${GITHUB_REPOSITORY}"
          API="${GITEA_URL}/api/v1"

          # Create release
          RELEASE_ID=$(curl -sf -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{
              \"tag_name\": \"${TAG}\",
              \"name\": \"Talos RPi5 ${TAG}\",
              \"body\": \"Custom Talos Linux image for Raspberry Pi 5 / CM5 (Compute Blade)\n\n**Talos version**: ${TAG}\n**Kernel**: RPi downstream (CM5/RP1 support)\n**Extensions**: iscsi-tools, util-linux-tools\n**Overclock**: 2.6GHz (arm_freq=2600)\n\n## Artifacts\n- \`metal-arm64.raw.zst\` — Raw disk image for eMMC flashing\n- \`docker.io/svrnty/talos-rpi5:${TAG}\` — Installer image for talosctl upgrade\",
              \"prerelease\": true
            }" \
            "${API}/repos/${REPO}/releases" | jq -r '.id')

          echo "Created release ID: ${RELEASE_ID}"

          # Upload disk image
          curl -sf -X POST \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -F "attachment=@metal-arm64.raw.zst" \
            "${API}/repos/${REPO}/releases/${RELEASE_ID}/assets?name=metal-arm64.raw.zst"

          echo "Uploaded metal-arm64.raw.zst to release"

      - name: Clean up
        if: always()
        run: make clean