name: Build and upload constellation node operator image

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
    paths:
      - "operators/constellation-node-operator/**"
      - "internal/**"
      - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
      - ".github/workflows/build-constellation-node-operator.yml"

jobs:
  build-constellation-node-operator:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out repository
        id: checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          go-version: "1.20.3"

      - name: Build and upload constellation-node-operator container image
        uses: ./.github/actions/build_micro_service_ko
        with:
          name: node-operator
          koTarget: ./operators/constellation-node-operator
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}