name: Constellation verify
description: "Verify a Constellation cluster."

inputs:
  osImage:
    description: "The OS image used in the cluster."
    required: true
  cloudProvider:
    description: "The cloud provider used in the cluster."
    required: true

runs:
  using: "composite"
  steps:
    - name: Clear current measurements
      shell: bash
      run: |
        yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml

    - name: Fetch & write measurements
      shell: bash
      run: |
        MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
        for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
            echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
            yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
            yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].warnOnly = false" constellation-conf.yaml
        done
        yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
        cat constellation-conf.yaml

    - name: Constellation verify
      shell: bash
      run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json)