name: authentik-ci-main

on:
  push:
    branches:
      - master
      - next
      - version-*
    paths-ignore:
      - website
  pull_request:
    branches:
      - master

env:
  POSTGRES_DB: authentik
  POSTGRES_USER: authentik
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"

jobs:
  lint:
    strategy:
      fail-fast: false
      matrix:
        job:
          - pylint
          - black
          - isort
          - bandit
          - pyright
          - pending-migrations
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - name: run job
        run: poetry run make ci-${{ matrix.job }}
  test-migrations:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - name: run migrations
        run: poetry run python -m lifecycle.migrate
  test-migrations-from-stable:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - name: checkout stable
        run: |
          # Copy current, latest config to local
          cp authentik/lib/default.yml local.env.yml
          cp -R .github ..
          cp -R scripts ..
          git checkout $(git describe --abbrev=0 --match 'version/*')
          rm -rf .github/ scripts/
          mv ../.github ../scripts .
      - name: Setup authentik env (ensure stable deps are installed)
        uses: ./.github/actions/setup
      - name: run migrations to stable
        run: poetry run python -m lifecycle.migrate
      - name: checkout current code
        run: |
          set -x
          git fetch
          git reset --hard HEAD
          git clean -d -fx .
          git checkout $GITHUB_SHA
          poetry install
      - name: Setup authentik env (ensure latest deps are installed)
        uses: ./.github/actions/setup
      - name: migrate to latest
        run: poetry run python -m lifecycle.migrate
  test-unittest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: run unittest
        run: |
          poetry run make test
          poetry run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [unittest]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
  test-integration:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@v1.2.0
      - name: run integration
        run: |
          poetry run make test-integration
          poetry run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [integration]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
  test-e2e-provider:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: Setup authentik env
        run: |
          docker-compose -f tests/e2e/docker-compose.yml up -d
      - id: cache-web
        uses: actions/cache@v3
        with:
          path: web/dist
          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }}
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true'
        working-directory: web
        run: |
          npm ci
          npm run build
      - name: run e2e
        run: |
          poetry run make test-e2e-provider
          poetry run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [e2e-provider]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
  test-e2e-rest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: Setup authentik env
        run: |
          docker-compose -f tests/e2e/docker-compose.yml up -d
      - id: cache-web
        uses: actions/cache@v3
        with:
          path: web/dist
          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }}
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true'
        working-directory: web/
        run: |
          npm ci
          npm run build
      - name: run e2e
        run: |
          poetry run make test-e2e-rest
          poetry run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [e2e-rest]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v3
  ci-core-mark:
    needs:
      - lint
      - test-migrations
      - test-migrations-from-stable
      - test-unittest
      - test-integration
      - test-e2e-rest
      - test-e2e-provider
    runs-on: ubuntu-latest
    steps:
      - run: echo mark
  build:
    needs: ci-core-mark
    runs-on: ubuntu-latest
    timeout-minutes: 120
    strategy:
      fail-fast: false
      matrix:
        arch:
          - 'linux/amd64'
    steps:
      - uses: actions/checkout@v3
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2.0.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: prepare variables
        id: ev
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        uses: ./.github/actions/docker-setup
      - name: Login to Container Registry
        uses: docker/login-action@v2
        if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Building Docker Image
        uses: docker/build-push-action@v3
        with:
          push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
          tags: |
            ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
            ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
          build-args: |
            GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
          platforms: ${{ matrix.arch }}