name: Release Digital Ocean 1-Click

on:
  release:
    types: [published]

  push:
    paths:
      - "DigitalOceanMarketplace/**"

  workflow_dispatch:

permissions:
  contents: read

jobs:
  build-image:
    name: Build Image
    runs-on: ubuntu-24.04
    permissions:
      contents: read
      id-token: write
    steps:
      - name: Checkout repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Log in to Azure
        uses: bitwarden/gh-actions/azure-login@main
        with:
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          client_id: ${{ secrets.AZURE_CLIENT_ID }}

      - name: Retrieve secrets
        id: retrieve-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: "bitwarden-ci"
          secrets: "digital-ocean-api-key"

      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main

      - name: Set version from version.json
        id: set-version
        run: |
          VERSION=$(grep '^ *"coreVersion":' version.json \
            | awk -F\: '{ print $2 }' \
            | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
          echo "version=$VERSION" >> $GITHUB_OUTPUT

      - name: Set up Hashicorp Packer
        uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232 # v3.1.0

      - name: Build Digital Ocean Image
        env:
          DIGITALOCEAN_TOKEN: ${{ steps.retrieve-secrets.outputs.digital-ocean-api-key }}
          DIGITALOCEAN_IMG_VERSION: ${{ steps.set-version.outputs.version }}
        working-directory: ./DigitalOceanMarketplace
        run: |
          packer version
          packer init -upgrade marketplace-image.pkr.hcl
          packer build marketplace-image.pkr.hcl

      - name: Install doctl
        if: ${{ github.event_name != 'release' && github.event_name != 'workflow_dispatch' }}
        uses: digitalocean/action-doctl@135ac0aa0eed4437d547c6f12c364d3006b42824 # v2.5.1
        with:
          token: ${{ steps.retrieve-secrets.outputs.digital-ocean-api-key }}

      - name: Digital Ocean Image Cleanup
        working-directory: ./DigitalOceanMarketplace
        if: ${{ github.event_name != 'release' && github.event_name != 'workflow_dispatch' }}
        run: |
          # Get the ID from the snapshot build.
          DO_ARTIFACT=$(jq -r '.builds[-1].artifact_id' manifest.json | cut -d ":" -f2)

          # Force remove the snapshot
          doctl compute image delete $DO_ARTIFACT -f