name: CI

on:
  push:
  pull_request:
  workflow_dispatch:
  schedule:
    - cron:  '0 12 * * *' # Every day noon UTC

jobs:
  build:
    strategy:
      matrix:
        # Each major Go release is supported until there are two newer major releases.
        # https://go.dev/doc/devel/release#policy
        go:
          - "1.19.x" # Debian bookworm, bullseye-backports
          - "1.22.x" # Ubuntu 24.04 LTS "noble"
          - "oldstable" # 2nd-latest Golang upstream stable
          - "stable" # Latest Go upstream stable
        os:
          - "ubuntu-24.04"
          - "ubuntu-24.04-arm"
      # Don't cancel everything when one Go version fails
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:

    - name: Install Go ${{ matrix.go }}
      uses: actions/setup-go@v3
      with:
        go-version: ${{ matrix.go }}

    # Looks like Github Actions leaks fds to child processes
    # https://github.com/actions/runner/issues/1188
    - run: ls -l /proc/self/fd

    - uses: actions/checkout@v3
      with:
        fetch-depth: 0 # Make "git describe" work

    # CI platform specific setup steps happen here
    - run: sudo apt-get install -qq fuse3 libssl-dev

    # Fix "/usr/bin/fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf"
    # and "/usr/bin/fusermount3: too many FUSE filesystems mounted"
    - run: echo -e 'user_allow_other\nmount_max = 10000' | sudo tee -a /etc/fuse.conf && cat /etc/fuse.conf

    # Build & upload static binary
    - run: ./build-without-openssl.bash
    - uses: actions/upload-artifact@v4
      with:
        name: gocryptfs ${{ github.sha }} static ${{ runner.arch }} binary, Go ${{ matrix.go }}
        path: gocryptfs

    # Actual test steps are in the Makefile
    - run: make ci