bootstrap/.gitea/workflows/build.yml

name: Build Bootstrap Bundle

on:
  push:
    branches: [main]
    paths:
      - 'bootstrap.yml'
      - 'roles/**'
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Python
        run: |
          apt-get update && apt-get install -y python3 python3-pip python3-venv

      - name: Install dependencies
        run: |
          python3 -m venv .venv
          .venv/bin/pip install ansible ansible-bundler
          echo "$PWD/.venv/bin" >> $GITHUB_PATH

      - name: Verify playbook syntax
        run: |
          ansible-playbook --syntax-check bootstrap.yml -e 'user_pubkey="test"'

      - name: Build bundle
        run: |
          bundle-playbook bootstrap.yml -o bootstrap.run

      - name: Generate checksums
        run: |
          sha256sum bootstrap.run > bootstrap.run.sha256
          md5sum bootstrap.run > bootstrap.run.md5

      - name: Upload to release storage
        run: |
          # Option 1: Upload to Gitea generic packages
          curl -X PUT \
            -H "Authorization: token ${{ secrets.DEPLOY_TOKEN }}" \
            -T bootstrap.run \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run"

          curl -X PUT \
            -H "Authorization: token ${{ secrets.DEPLOY_TOKEN }}" \
            -T bootstrap.run.sha256 \
            "${{ github.server_url }}/api/packages/${{ github.repository_owner }}/generic/bootstrap/latest/bootstrap.run.sha256"

      # Alternative: Upload as artifact (for manual download)
      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: bootstrap-bundle
          path: |
            bootstrap.run
            bootstrap.run.sha256
          retention-days: 90