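# Composite action: clears the measurements stored in constellation-conf.yaml,
# fetches them again for the given OS image, and runs `constellation verify`
# against the cluster identified by constellation-id.json.
name: Constellation verify
description: "Verify a Constellation cluster."

inputs:
  osImage:
    description: "The OS image used in the cluster."
    required: true
  cloudProvider:
    description: "The cloud provider used in the cluster."
    required: true

runs:
  using: "composite"
  steps:
    # Remove whatever measurements the config currently holds. The fetch step
    # below runs afterwards, so verification presumably uses freshly fetched
    # values rather than ones left over from cluster creation.
    - name: Clear current measurements
      shell: bash
      # The input reaches the script as an environment variable instead of
      # being expanded into the script text by ${{ }}. With inline expansion
      # the caller-supplied value becomes part of the bash source and of the
      # yq expression before either is parsed.
      env:
        CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
      run: |
        if [[ "$(yq '.version' constellation-conf.yaml)" == "v2" ]]
        then
          # strenv() looks the provider up as a plain string key, so the value
          # cannot alter the structure of the yq expression.
          yq -i 'del(.provider[strenv(CLOUD_PROVIDER)].measurements)' constellation-conf.yaml
        else
          yq -i 'del(.attestation.awsNitroTPM.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.azureSEVSNP.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.azureTrustedLaunch.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.gcpSEVES.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.qemuVTPM.measurements)' constellation-conf.yaml
        fi

    # Resolves the image short name; only the `stream` output is used below.
    - name: Expand version path
      id: expand-version
      uses: ./.github/actions/shortname
      with:
        shortname: ${{ inputs.osImage }}

    - name: Constellation fetch measurements
      shell: bash
      # Step output passed through env for the same reason as above: it is
      # derived from the osImage input and must not be spliced into the script.
      env:
        STREAM: ${{ steps.expand-version.outputs.stream }}
      run: |
        # Quoted comparison: an empty or unexpected stream value now falls
        # through to the verified fetch instead of breaking the [[ ]] test.
        if [[ "${STREAM}" == "debug" ]]
        then
          # --insecure skips signature verification of the fetched
          # measurements, so on debug streams the later `verify` result is
          # only as trustworthy as the download itself.
          # NOTE(review): presumably debug images publish no signed
          # measurements - confirm, and keep this branch limited to "debug".
          constellation config fetch-measurements --insecure
        else
          constellation config fetch-measurements
        fi

    - name: Constellation verify
      shell: bash
      # The cluster ID is quoted so that an empty or whitespace-containing
      # value is passed as one argument instead of being word-split.
      # NOTE(review): --force is kept from the original; presumably it
      # bypasses the CLI's compatibility checks - confirm it is needed here.
      run: |
        constellation verify --cluster-id "$(jq -r ".clusterID" constellation-id.json)" --force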