name: E2E (manual)

# The E2E job builds the live image (mkosi, requires apt package
# updates) and boots a QEMU VM against a running orchestrator. It's
# slow and needs a Linux runner with nested virtualization + loop
# devices, so it runs only on workflow_dispatch against the privileged
# self-hosted runner.

on:
  workflow_dispatch:
    inputs:
      ref:
        description: "Git ref to test (default: main)"
        required: false
        default: main

permissions:
  contents: read

jobs:
  e2e:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref }}

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.26.x"
          cache: false

      - name: Install live-image build dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends \
            mkosi debootstrap squashfs-tools systemd-ukify \
            debian-archive-keyring \
            qemu-system-x86 qemu-utils \
            dnsmasq iperf3 ipxe-qemu

      - name: Install templ
        run: go install github.com/a-h/templ/cmd/templ@v0.3.1001

      - name: Build orchestrator + agent
        run: |
          templ generate
          make orchestrator-linux agent-linux

      - name: Build live image
        run: make live-image

      - name: Run E2E suite
        # The E2E test expects a registered host + queued run; in CI we
        # don't have an operator, so it's skipped unless VETTING_E2E_RUN_ID
        # is supplied. When someone stands up the orchestrator for a
        # dispatch, they can set it via a workflow_dispatch secret.
        env:
          VETTING_E2E_RUN_ID: ${{ vars.VETTING_E2E_RUN_ID }}
        run: sudo -E go test -tags=e2e -count=1 -v ./test/e2e/...