name: plugins-selinux

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

on:
  workflow_dispatch:
  pull_request:
    paths:
      - 'selinux/**'
  push:
    branches:
      - develop
      - master
    paths:
      - 'selinux/**'

jobs:
  get-environment:
    uses: ./.github/workflows/get-environment.yml
    with:
      version_file: selinux/packaging/centreon-plugins-selinux.yaml

  package:
    needs: [get-environment]
    if: |
      needs.get-environment.outputs.skip_workflow == 'false' &&
      needs.get-environment.outputs.stability != 'stable'
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        include:
          - package_extension: rpm
            image: packaging-plugins-alma8
            distrib: el8
          - package_extension: rpm
            image: packaging-plugins-alma9
            distrib: el9

    container:
      image: ${{ vars.DOCKER_INTERNAL_REGISTRY_URL }}/${{ matrix.image }}
      credentials:
        username: ${{ secrets.HARBOR_CENTREON_PULL_USERNAME }}
        password: ${{ secrets.HARBOR_CENTREON_PULL_TOKEN }}

    name: package ${{ matrix.distrib }}

    steps:
      - name: Checkout sources
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Generate selinux binary
        run: |
          cd selinux/src
          sed -i "s/@VERSION@/${{ needs.get-environment.outputs.version }}/g" centreon-plugins.te
          make -f /usr/share/selinux/devel/Makefile
        shell: bash

      - name: Package
        uses: ./.github/actions/package-nfpm
        with:
          nfpm_file_pattern: "selinux/packaging/centreon-plugins-selinux.yaml"
          distrib: ${{ matrix.distrib }}
          package_extension: ${{ matrix.package_extension }}
          version: ${{ needs.get-environment.outputs.version }}
          release: ${{ needs.get-environment.outputs.release }}
          commit_hash: ${{ github.sha }}
          cache_key: ${{ github.sha }}-${{ github.run_id }}-${{ matrix.package_extension }}-${{ matrix.distrib }}
          rpm_gpg_key: ${{ secrets.RPM_GPG_SIGNING_KEY }}
          rpm_gpg_signing_key_id: ${{ secrets.RPM_GPG_SIGNING_KEY_ID }}
          rpm_gpg_signing_passphrase: ${{ secrets.RPM_GPG_SIGNING_PASSPHRASE }}
          stability: ${{ needs.get-environment.outputs.stability }}

  deliver-packages:
    needs: [get-environment, package]
    if: |
      needs.get-environment.outputs.skip_workflow == 'false' &&
      (contains(fromJson('["testing", "unstable"]'), needs.get-environment.outputs.stability) || ( needs.get-environment.outputs.stability == 'stable' && github.event_name != 'workflow_dispatch')) &&
      ! cancelled() &&
      ! contains(needs.*.result, 'failure') &&
      ! contains(needs.*.result, 'cancelled')
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        include:
          - distrib: el8
            package_extension: rpm
          - distrib: el9
            package_extension: rpm

    name: deliver ${{ matrix.distrib }}
    steps:
      - name: Checkout sources
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0

      - name: Delivery
        uses: ./.github/actions/package-delivery
        with:
          module_name: plugins-selinux
          distrib: ${{ matrix.distrib }}
          cache_key: ${{ github.sha }}-${{ github.run_id }}-${{ matrix.package_extension }}-${{ matrix.distrib }}
          stability: ${{ needs.get-environment.outputs.stability }}
          release_type: ${{ needs.get-environment.outputs.release_type }}
          artifactory_token: ${{ secrets.ARTIFACTORY_ACCESS_TOKEN }}

  set-skip-label:
    needs: [get-environment, deliver-packages]
    if: |
      needs.get-environment.outputs.skip_workflow == 'false' &&
      ! cancelled() &&
      ! contains(needs.*.result, 'failure') &&
      ! contains(needs.*.result, 'cancelled')
    uses: ./.github/workflows/set-pull-request-skip-label.yml