# Workflow identity: the run name is prefixed with the account that triggered it.
name: ssh-test
run-name: '${{ github.actor }} - ssh-test'

# Trigger: only pushes to the main branch start this workflow.
on:
  push:
    branches: [main]
 
jobs:
  ssh-test:
    runs-on: alpine
    container:
      # NOTE(review): alpine:edge is a rolling tag, so the job image can change
      # between runs; pinning by digest makes runs reproducible.
      image: alpine:edge
      # The host's /dev/net/tun is bind-mounted and the container is started
      # with --privileged; a later step runs tailscaled inside it.
      # NOTE(review): --privileged applies to every step and third-party action
      # in this job, all of which also handle secrets. If the runner allows it,
      # a narrower grant (for example --cap-add=NET_ADMIN together with the tun
      # device) may be enough for tailscaled - verify before changing.
      options: >-
        --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun
        --privileged
    steps:
    # Diagnostic dump of the job environment: working directory, identity,
    # kernel, hostname, OS release and resolver configuration. `set -x` echoes
    # each command into the job log; no secret is referenced in this step.
    - name: 'Runner: Info'
      run: |
        set -x
        pwd
        ls -lah
        id
        uname -a
        hostname
        cat /etc/os-release
        whoami
        id
        cat /etc/resolv.conf

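    # Installs the tools used by the later steps (git, nodejs, nix, ssh client,
    # qemu, tailscale, sudo).
    # The extra repository is fetched over HTTPS instead of plain HTTP, so the
    # index and packages get transport protection in addition to apk's own
    # signature verification.
    # NOTE(review): the edge/testing repository is made available to every
    # package named on this command line, not only the ones that need it;
    # confirm that is intended for a job that runs privileged with secrets.
    - name: 'Setup: Runner'
      run: |
        apk update
        apk add git nodejs nix openssh-client qemu tailscale sudo \
          --repository=https://dl-cdn.alpinelinux.org/alpine/edge/testing/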

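    # Installs the SSH key pair for root from repository secrets.
    # The secrets are handed to the script through environment variables
    # rather than being expanded into the script text, so quotes, `$` or
    # backticks inside a secret value cannot alter the shell commands.
    - name: 'Setup: SSH'
      env:
        SSH_PUBLIC_KEY: '${{ secrets.SSH_PUBLIC_KEY }}'
        SSH_PRIVATE_KEY: '${{ secrets.SSH_PRIVATE_KEY }}'
      run: |
        # Owner-only umask: the private key file is never created with
        # group/world read bits, even before the explicit chmod below.
        umask 077
        # -p keeps the step from failing when the directory already exists.
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
        printf '%s\n' "$SSH_PUBLIC_KEY"  > /root/.ssh/id_ed25519.pub
        printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
        chmod 600 /root/.ssh/id_ed25519
        chmod 644 /root/.ssh/id_ed25519.pub
        echo "Public Key:  "
        cat /root/.ssh/id_ed25519.pub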

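    # Starts tailscaled with in-memory state and joins the Headscale control
    # server as an ephemeral, tagged node, accepting its routes and DNS.
    # The auth key is passed through the environment and quoted, instead of
    # being expanded unquoted into the script text, so its content cannot be
    # word-split or interpreted by the shell.
    # NOTE(review): the key is still visible in the argv of `tailscale up`
    # while that command runs; tailscale also accepts an auth key given as
    # `file:<path>` if that exposure matters here.
    # NOTE(review): tailscaled is backgrounded and `tailscale up` follows
    # immediately; confirm the daemon is reliably ready by then.
    - name: 'Setup:  Headscale'
      env:
        TAILSCALE_KEY: '${{ secrets.TAILSCALE_KEY }}'
      run: |
        echo "tailscaled --cleanup"
        sudo tailscaled --cleanup
        echo ""
        echo "tailscaled --state=mem 2> ~/tailscaled.log &"
        sudo tailscaled --state=mem: 2> ~/tailscaled.log &
        echo ""
        echo "tailscale up"
        sudo tailscale up \
            --login-server=https://headscale.sysctl.io \
            --accept-routes \
            --accept-dns \
            --authkey "$TAILSCALE_KEY" \
            --hostname forgejo-runner \
            --advertise-tags "tag:forgejo,tag:container,tag:ephemeral"
        sudo tailscale status
        sudo tailscale netcheck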

    # Check out the repository into the workspace.
    # NOTE(review): `v3` is a mutable tag, and this action runs in a privileged
    # container after the SSH key and tailnet credentials are in place; pinning
    # to a full commit SHA fixes exactly which code runs.
    - uses: actions/checkout@v3

    # List the checked-out workspace contents in the job log.
    - name: 'Directory Structure'
      run: |
        ls ${{ github.workspace }}/*

    # Record the installed nix version in the job log.
    - name: 'Nix Version'
      run: |
        nix --version

    # Sends a Gotify notification whether the earlier steps passed or failed.
    # NOTE(review): the action is referenced at the `master` branch and is
    # given the Gotify URL and app token; pinning to a commit SHA keeps a later
    # change to that branch from running with these secrets unreviewed.
    - name: 'Send Notification'
      if: always()
      uses: https://git.sysctl.io/actions/gotify-action@master
      with:
        gotify_api_base: '${{ secrets.GOTIFY_URL }}'
        gotify_app_token: '${{ secrets.GOTIFY_TOKEN }}'
        notification_title: '[ ${{ github.repository }}: ${{ github.workflow }} ] Build Complete'
        notification_message: 'Your build has completed.'
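    # Cleanup, run even when earlier steps failed.
    - if: always()
      run: rm -rf /.cache
    # The original expression read `github.worksspace` (typo). That property
    # does not exist, so it presumably expanded to an empty string and `rm -rf`
    # ran with no operand, leaving the checkout on the runner. The path is now
    # spelled correctly, quoted, and preceded by `--` so it is always treated
    # as a single operand and never as an option.
    # NOTE(review): if the workspace directory is itself a mount point on this
    # runner, removing the directory (rather than its contents) may fail;
    # verify on the target runner.
    - if: always()
      run: 'rm -rf -- "${{ github.workspace }}"'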