name: Downstream release tests

permissions:
  contents: read

on: [workflow_call, workflow_dispatch]

# Trigger oqs-provider release tests.
# When triggered by a release (see release.yml), the liboqs release tag and the provider "<release tag>-tracker" branch are used.
# When triggered by a commit message (see filter.yml), the triggering liboqs branch and the provider "<liboqs branch>-tracker" branch are used.
# If the tracker branch does not exist, the downstream pipeline should detect it and run on the main branch instead.

jobs:
  oqs-provider-release-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout release tests script
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4
        with:
          sparse-checkout: |
            scripts/provider-test-trigger.sh
          sparse-checkout-cone-mode: false
      - name: Trigger oqs-provider release tests
        run: |
          CURL_FLAGS="--silent --write-out \n%{response_code}\n" \
          ACCESS_TOKEN="${{ secrets.OQSBOT_GITHUB_ACTIONS }}" \
          LIBOQS_REF="${{ github.ref_name }}" \
          PROVIDER_REF="${{ github.ref_name }}-tracker" \
          ./scripts/provider-test-trigger.sh | tee curl_out \
          && grep -q "204" curl_out