name: Check neon with MacOS builds

on:
  workflow_call:
    inputs:
      pg_versions:
        description: "Array of the pg versions to build for, for example: ['v14', 'v17']"
        type: string
        default: '[]'
        required: false
      rebuild_rust_code:
        description: "Rebuild Rust code"
        type: boolean
        default: false
        required: false
      rebuild_everything:
        description: "If true, rebuild for all versions"
        type: boolean
        default: false
        required: false

env:
  RUST_BACKTRACE: 1
  COPT: '-Werror'

# TODO: move `check-*` and `files-changed` jobs to the "Caller" Workflow
# We should care about that as Github has limitations:
# - You can connect up to four levels of workflows
# - You can call a maximum of 20 unique reusable workflows from a single workflow file.
# https://docs.github.com/en/actions/sharing-automations/reusing-workflows#limitations
permissions:
  contents: read

jobs:
  make-all:
    if: |
      inputs.pg_versions != '[]' || inputs.rebuild_rust_code || inputs.rebuild_everything ||
      contains(github.event.pull_request.labels.*.name, 'run-extra-build-macos') ||
      contains(github.event.pull_request.labels.*.name, 'run-extra-build-*') ||
      github.ref_name == 'main'
    timeout-minutes: 60
    runs-on: macos-15
    env:
      # Use release build only, to have less debug info around
      # Hence keeping target/ (and general cache size) smaller
      BUILD_TYPE: release
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
        with:
          egress-policy: audit

      - name: Checkout main repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          submodules: true
      
      - uses: ./.github/actions/prepare-for-subzero
        with:
          token: ${{ secrets.CI_ACCESS_TOKEN }}

      - name: Install build dependencies
        run: |
          brew install flex bison openssl protobuf icu4c

      - name: Set extra env for macOS
        run: |
          echo 'LDFLAGS=-L/usr/local/opt/openssl@3/lib' >> $GITHUB_ENV
          echo 'CPPFLAGS=-I/usr/local/opt/openssl@3/include' >> $GITHUB_ENV

      - name: Restore "pg_install/" cache
        id: cache_pg
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: pg_install
          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ env.BUILD_TYPE }}-pg-install-v14-${{ hashFiles('Makefile', 'postgres.mk', 'vendor/revisions.json') }}

      - name: Checkout vendor/postgres submodules
        if: steps.cache_pg.outputs.cache-hit != 'true'
        run: |
          git submodule init
          git submodule update --depth 1 --recursive

      - name: Build Postgres
        if: steps.cache_pg.outputs.cache-hit != 'true'
        run: |
          make postgres -j$(sysctl -n hw.ncpu)

      # This isn't strictly necessary, but it makes the cached and non-cached builds more similar,
      # When pg_install is restored from cache, there is no 'build/' directory. By removing it
      # in a non-cached build too, we enforce that the rest of the steps don't depend on it,
      # so that we notice any build caching bugs earlier.
      - name: Remove build artifacts
        if: steps.cache_pg.outputs.cache-hit != 'true'
        run: |
          rm -rf build

      # Explicitly update the rust toolchain before running 'make'. The parallel make build can
      # invoke 'cargo build' more than once in parallel, for different crates.  That's OK, 'cargo'
      # does its own locking to prevent concurrent builds from stepping on each other's
      # toes. However, it will first try to update the toolchain, and that step is not locked the
      # same way. To avoid two toolchain updates running in parallel and stepping on each other's
      # toes, ensure that the toolchain is up-to-date beforehand.
      - name: Update rust toolchain
        run: |
          rustup --version &&
          rustup update &&
          rustup show

      - name: Cache cargo deps
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
        with:
          path: |
            ~/.cargo/registry
            !~/.cargo/registry/src
            ~/.cargo/git
            target
          key: v1-${{ runner.os }}-${{ runner.arch }}-cargo-${{ hashFiles('./Cargo.lock') }}-${{ hashFiles('./rust-toolchain.toml') }}-rust

      # Build the neon-specific postgres extensions, and all the Rust bits.
      #
      # Pass PG_INSTALL_CACHED=1 because PostgreSQL was already built and cached
      # separately.
      - name: Build all
        run: PG_INSTALL_CACHED=1 BUILD_TYPE=release make -j$(sysctl -n hw.ncpu) all

      - name: Check that no warnings are produced
        run: ./run_clippy.sh