name: e2e test attestationconfig API

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
    paths:
      - "internal/api/**"
      - ".github/workflows/e2e-attestationconfigapi.yml"
      - "go.mod"

jobs:
  e2e-api:
    strategy:
      fail-fast: false
      max-parallel: 1
      matrix:
        attestationVariant: ["azure-sev-snp", "azure-tdx", "aws-sev-snp", "gcp-sev-snp"]
    runs-on: ubuntu-24.04
    permissions:
      id-token: write
      contents: read
      packages: write
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Don't trigger in forks, use head on pull requests, use default otherwise.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}

      - name: Run Attestationconfig API E2E
        uses: ./.github/actions/e2e_attestationconfigapi
        with:
          cosignPrivateKey: ${{ secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ secrets.COSIGN_DEV_PASSWORD }}
          attestationVariant: ${{ matrix.attestationVariant }}