.github/workflows/e2e-gha.yml

name: "e2e: noscience, gha"
on:
  push:
  pull_request:
    branches:
      - master
env:
  CIUXCONFIG: /tmp/ciux.sh
  CIUX_VERSION: 769944575a
  GHA_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
  SUFFIX: noscience
jobs:
  build:
    name: Build image
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      - name: Install ciux
        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
      - name: Ciux project ignition
        run: ciux ignite $PWD
      - name: Build fink-broker image for k8s
        run: |
          ./build.sh --suffix "${{ env.SUFFIX }}" --tmp-registry "${{ env.CI_REPO }}"
      - name: Export fink-broker image
        run: |
          $(ciux get image --check $PWD --suffix "${{ env.SUFFIX }}" --env)
          mkdir -p artifacts
          if [ $CIUX_BUILD = true ]; then
            echo "Export $CIUX_IMAGE_URL to archive"
            docker save "$CIUX_IMAGE_URL" > artifacts/image.tar
          else
            echo "Using existing image $CIUX_IMAGE_URL"
          fi
          echo "IMAGE=$CIUX_IMAGE_URL" >> "$GITHUB_OUTPUT"
      - uses: actions/upload-artifact@v2
        with:
          name: docker-artifact
          path: artifacts
  integration-tests:
    name: Run integration tests
    runs-on: ubuntu-22.04
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v4
        with:
          go-version: '1.21.4'
      - name: Install ciux
        run: go install github.com/k8s-school/ciux@"${{ env.CIUX_VERSION }}"
      - name: Ciux project ignition
        run: |
          ciux ignite --selector ci --branch="$GHA_BRANCH_NAME" $PWD
      - name: Create k8s (kind) cluster
        run: |
          ktbx install kind
          ktbx install kubectl
          ktbx create -s
      - name: Install olm and argocd operators
        run: |
          ktbx install olm
          ktbx install argocd
      - name: Run argoCD
        run: |
          ./e2e/argocd.sh
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      - name: Load container image inside kind
        run: |
          if [ -f artifacts/image.tar ]; then
            echo "Loading image from archive"
            docker load --input artifacts/image.tar
          else
            echo "Using existing image"
          fi
      - name: Install fink-alert-simulator pre-requisites (argo-workflows)
        run: |
          . "$CIUXCONFIG"
          .  "$FINK_ALERT_SIMULATOR_DIR"/prereq-install.sh
      - name: Run fink-alert-simulator
        run: |
          . "$CIUXCONFIG"
          "$FINK_ALERT_SIMULATOR_DIR"/argo-submit.sh
          argo watch @latest
      # - name: Setup tmate session
      # uses: mxschmitt/action-tmate@v3
      - name: Install fink-broker pre-requisites (JDK, Spark)
        run: |
          sudo apt-get -y update
          sudo apt-get -y install openjdk-8-jdk-headless
          ./e2e/prereq-install.sh
      - name: Run fink-broker
        run: |
          ./e2e/fink-start.sh
      - name: Check results
        run: |
          ./e2e/check-results.sh
  image-analysis:
    name: Analyze image
    runs-on: ubuntu-22.04
    permissions:
      security-events: write
    needs: build
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        run: |
          docker load --input artifacts/image.tar
          echo "IMAGE=$(cat artifacts/artifacts/image-tag)" >> $GITHUB_ENV
      - name: Scan fink-broker image
        uses: anchore/scan-action@v3
        id: scan
        with:
          image: "${{ env.IMAGE }}"
          fail-build: false
      - name: Display SARIF report
        run: |
          cat ${{ steps.scan.outputs.sarif }}
      - name: upload Anchore scan SARIF report
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
  push:
    name: Push fink-broker image to IN2P3 registry
    runs-on: ubuntu-22.04
    needs: integration-tests
    steps:
      - name: Download image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact
          path: artifacts
      - name: Load image in local registry
        run: |
          docker load --input artifacts/image.tar
          echo "IMAGE=$(cat artifacts/image-tag)" >> $GITHUB_ENV
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          registry: gitlab-registry.in2p3.fr
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_TOKEN }}
      - name: Push image to IN2P3 registry
        run: |
          docker push ${{ env.IMAGE }}