name: "Bootstrap"
description: "Bootstrap all syft tools and dependencies on top of go-make's setup action"

# This action is a thin wrapper around anchore/go-make/.github/actions/setup which
# already handles checkout, setup-go, restore-only build/mod cache, and tool cache.
# We add the syft-specific extras here: apt packages and the test fixture cache.

inputs:
  go-version:
    description: "Go version to install (passed to go-make/setup)"
    required: true
    default: "1.26.2"
  cache-key-prefix:
    description: "Prefix all cache keys with this value (passed to go-make/setup)"
    required: true
    default: "v1"
  cache-enabled:
    description: "Enable build/mod and tool caching (passed to go-make/setup)"
    required: true
    default: "true"
  download-test-fixture-cache:
    description: "Download test fixture cache from OCI and github actions"
    required: true
    default: "false"
  bootstrap-apt-packages:
    description: "Space delimited list of tools to install via apt"
    default: "libxml2-utils"

runs:
  using: "composite"
  steps:
    - name: Setup go + go-make tooling
      uses: anchore/go-make/.github/actions/setup@88c36505984649108439f13fb35dcaea4ce61d94 # v0.4.0
      with:
        go-version: ${{ inputs.go-version }}
        cache-key-prefix: ${{ inputs.cache-key-prefix }}
        cache-enabled: ${{ inputs.cache-enabled }}

    - name: Install binny-managed tools
      shell: bash
      run: make binny:install

    - name: Install apt packages
      if: inputs.bootstrap-apt-packages != ''
      shell: bash
      env:
        APT_PACKAGES: ${{ inputs.bootstrap-apt-packages }}
      run: |
        IFS=' ' read -ra packages <<< "$APT_PACKAGES"
        DEBIAN_FRONTEND=noninteractive sudo apt update && sudo -E apt install -y "${packages[@]}"

    # ORAS cache: restore-only on non-default branches / forks
    - name: Restore ORAS cache from github actions
      if: ${{ inputs.download-test-fixture-cache == 'true' && (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) || github.event.repository.fork == true) }}
      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: ${{ github.workspace }}/.tmp/oras-cache
        key: ${{ inputs.cache-key-prefix }}-oras-cache

    # ORAS cache: restore + save on the default branch of the canonical repo only.
    - name: Restore and save ORAS cache from github actions
      if: ${{ inputs.download-test-fixture-cache == 'true' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && github.event.repository.fork == false }}
      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
      with:
        path: ${{ github.workspace }}/.tmp/oras-cache
        key: ${{ inputs.cache-key-prefix }}-oras-cache

    - name: Download test fixture cache
      if: inputs.download-test-fixture-cache == 'true'
      shell: bash
      run: make download-test-fixture-cache