name: authentik-ci-main

on:
  push:
    branches:
      - master
      - next
      - version-*
    paths-ignore:
      - website
  pull_request:
    branches:
      - master

env:
  POSTGRES_DB: authentik
  POSTGRES_USER: authentik
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"

jobs:
  lint:
    strategy:
      fail-fast: false
      matrix:
        job:
          - pylint
          - black
          - isort
          - bandit
          - pyright
          - pending-migrations
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: scripts/ci_prepare.sh
      - name: run pylint
        run: pipenv run make ci-${{ matrix.job }}
  test-migrations:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: scripts/ci_prepare.sh
      - name: run migrations
        run: pipenv run python -m lifecycle.migrate
  test-migrations-from-stable:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - name: prepare variables
        id: ev
        run: |
          python ./scripts/gh_env.py
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: checkout stable
        run: |
          # Copy current, latest config to local
          cp authentik/lib/default.yml local.env.yml
          git checkout $(git describe --abbrev=0 --match 'version/*')
          git checkout $GITHUB_HEAD_REF -- .github
          git checkout $GITHUB_HEAD_REF -- scripts
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: |
          scripts/ci_prepare.sh
          # Sync anyways since stable will have different dependencies
          pipenv sync --dev
      - name: run migrations to stable
        run: pipenv run python -m lifecycle.migrate
      - name: checkout current code
        run: |
          set -x
          git fetch
          git checkout $GITHUB_HEAD_REF
          pipenv sync --dev
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: scripts/ci_prepare.sh
      - name: migrate to latest
        run: pipenv run python -m lifecycle.migrate
  test-unittest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: scripts/ci_prepare.sh
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: run unittest
        run: |
          pipenv run make test
          pipenv run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [unittest]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v2
  test-integration:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: scripts/ci_prepare.sh
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - name: Create k8s Kind Cluster
        uses: helm/kind-action@v1.2.0
      - name: run integration
        run: |
          pipenv run make test-integration
          pipenv run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [integration]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v2
  test-e2e:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          python-version: '3.9'
      - uses: actions/setup-node@v2
        with:
          node-version: '16'
          cache: 'npm'
          cache-dependency-path: web/package-lock.json
      - uses: testspace-com/setup-testspace@v1
        with:
          domain: ${{github.repository_owner}}
      - id: cache-pipenv
        uses: actions/cache@v2.1.7
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-v2-${{ hashFiles('**/Pipfile.lock') }}
      - name: prepare
        env:
          INSTALL: ${{ steps.cache-pipenv.outputs.cache-hit }}
        run: |
          scripts/ci_prepare.sh
          docker-compose -f tests/e2e/docker-compose.yml up -d
      - id: cache-web
        uses: actions/cache@v2.1.7
        with:
          path: web/dist
          key: ${{ runner.os }}-web-${{ hashFiles('web/package-lock.json', 'web/**') }}
      - name: prepare web ui
        if: steps.cache-web.outputs.cache-hit != 'true'
        run: |
          cd web
          npm i
          npm run build
      - name: run e2e
        run: |
          pipenv run make test-e2e
          pipenv run coverage xml
      - name: run testspace
        if: ${{ always() }}
        run: |
          testspace [e2e]unittest.xml --link=codecov
      - if: ${{ always() }}
        uses: codecov/codecov-action@v2
  build:
    needs:
      - lint
      - test-migrations
      - test-migrations-from-stable
      - test-unittest
      - test-integration
      - test-e2e
    runs-on: ubuntu-latest
    timeout-minutes: 120
    strategy:
      fail-fast: false
      matrix:
        arch:
          - 'linux/amd64'
    steps:
      - uses: actions/checkout@v2
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1.2.0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: prepare variables
        id: ev
        env:
          DOCKER_USERNAME: ${{ secrets.HARBOR_USERNAME }}
        run: |
          python ./scripts/gh_env.py
      - name: Login to Container Registry
        uses: docker/login-action@v1
        if: ${{ steps.ev.outputs.shouldBuild == 'true' }}
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Building Docker Image
        uses: docker/build-push-action@v2
        with:
          push: ${{ steps.ev.outputs.shouldBuild == 'true' }}
          tags: |
            ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}
            ghcr.io/goauthentik/dev-server:gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.sha }}
          build-args: |
            GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}
          platforms: ${{ matrix.arch }}