.github/workflows/ci.yml

on:
  pull_request:
    paths-ignore:
      - "archives/**"
      - "docs/**"
      - "terraform/**"
      - "tombstone/**"
      - "docker/postgis/**"
  push:
    branches:
      - main
    paths-ignore:
      - "archives/**"
      - "docs/**"
      - "terraform/**"
      - "tombstone/**"
      - "docker/postgis/**"

name: Continuous Integration

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      # PostGIS service for use with server tests
      postgres:
        image: "postgis/postgis:13-3.1"
        env:
          POSTGRES_DB: univaf-test
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test-password
        ports:
          - 5432:5432
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - uses: actions/checkout@v3

      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 18.16.0

      - name: Cache Dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.npm
            ~/.cache
          key: ${{ runner.os }}-npm-v2-${{ hashFiles('package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-v2
            ${{ runner.os }}-npm-

      - name: Install dependencies
        run: |
          npm ci

      - name: Run common tests
        if: ${{ always() }}
        env:
          NOCK_BACK_MODE: lockdown
        run: |
          npm run test --workspace common

      # A build version of common will be needed for loader/server tests.
      - name: Build common package
        if: ${{ always() }}
        run: |
          npm run build --workspace common

      - name: Run server tests
        if: ${{ always() }}
        run: |
          npm run test --workspace server
        env:
          DB_HOST: localhost
          DB_PORT: 5432
          DB_USERNAME: test
          DB_NAME: univaf
          DB_PASSWORD: test-password

      - name: Run loader tests
        if: ${{ always() }}
        env:
          NOCK_BACK_MODE: lockdown
        run: |
          npm run test --workspace loader

      # TODO: We should write some tests :(
      - name: Build UI
        if: ${{ always() }}
        run: |
          cd ui
          NODE_ENV=production npm run build

  lint:
    name: Run linters
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: 18.16.0

      - name: Cache Dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.npm
            ~/.cache
          key: ${{ runner.os }}-npm-v2-${{ hashFiles('package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-v2
            ${{ runner.os }}-npm-

      - name: Install dependencies
        run: |
          npm ci

      # We have ESLint and Prettier installed separately in each subproject,
      # but this action can only run once per job. So we run the versions
      # installed in the server project on both at once, and have some weird
      # arguments.
      - name: Lint JS Code
        if: github.event_name != 'pull_request' ||
          github.event.pull_request.head.repo.full_name == github.repository
        uses: wearerequired/lint-action@v2
        with:
          eslint: true
          eslint_extensions: js,ts
          prettier: true

      - name: Lint JS Code (without GitHub checks)
        if: github.event_name == 'pull_request' &&
          github.event.pull_request.head.repo.full_name != github.repository
        run: |
          npx eslint --ext 'js,ts' .
          echo "--------------------------------------------------------------"
          echo "Prettier:"
          npx prettier --check .

  lint_workflows:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Lint workflow files
        run: |
          # Install actionlint
          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
          # Install matcher for GitHub line annotations
          curl 'https://raw.githubusercontent.com/rhysd/actionlint/main/.github/actionlint-matcher.json' > actionlint-matcher.json
          echo "::add-matcher::./actionlint-matcher.json"

          ./actionlint

  build_docker:
    needs:
      - lint
      - test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Instead of building all combinations of a set of options, just build
        # these particular combinations.
        include:
          - repository: univaf-server
            target: server
            dockerfile: "./server/Dockerfile"
            build_path: "./server"

          - repository: univaf-loader
            target: loader
            dockerfile: "./loader/Dockerfile"
            build_path: "./loader"
    env:
      ECR_REPOSITORY: ${{ matrix.repository }}
      IMAGE_TAG: ${{ github.sha }}
    steps:
      - uses: actions/checkout@v3

      - name: Build ${{ matrix.repository }}
        run: |
          IMAGE_NAME="dev/${ECR_REPOSITORY}:${IMAGE_TAG}"
          docker buildx build \
            --tag "${IMAGE_NAME}" \
            --target "${{ matrix.target }}" \
            --build-arg RELEASE="${IMAGE_TAG}" \
            .

          # Report image info
          SIZE=$(
            docker image inspect \
              --format '{{ .VirtualSize }}' \
              "${IMAGE_NAME}"
          )
          SIZE_MB=$((SIZE / 1024 / 1024))
          echo "Built image \`${IMAGE_NAME}\`: ${SIZE_MB} MB" >> "$GITHUB_STEP_SUMMARY"