name: Upload to s3

on:
  workflow_call:
    inputs:
      package:
        description: Package to be built, for now is either pezkuwi or pezkuwi-teyrchain-bin
        required: true
        type: string

      release_tag:
        description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM-rcX
        required: true
        type: string

      target:
        description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
        required: true
        type: string

jobs:
  upload-artifacts-to-s3:
      runs-on: ubuntu-latest
      environment: release
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
        AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

      steps:
        - name: Checkout
          uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

        - name: Download amd64 artifacts
          uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
          with:
            name: ${{ inputs.package }}_${{ inputs.target }}
            path: release-artifacts/${{ inputs.target }}/${{ inputs.package }}

        - name: Configure AWS Credentials
          uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
          with:
            aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
            aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
            aws-region: ${{ env.AWS_REGION }}

        - name: Upload ${{ inputs.package }} artifacts to s3
          run: |
            . ./.github/scripts/release/release_lib.sh
            upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} ${{ inputs.target }}