.github/workflows/test_env_vars.yaml

name: "Test environment variables are in sync"

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

defaults:
  run:
    shell: bash

jobs:
  test_env_vars:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Get example env var keys
        run: |
          ENV_KEYS_EXAMPLE="$(make env-keys-example)"
          echo "::add-mask::$ENV_KEYS_EXAMPLE"
          echo "ENV_KEYS_EXAMPLE=$ENV_KEYS_EXAMPLE" >> $GITHUB_ENV

      - name: Configure AWS staging credentials
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
        with:
          aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1

      - name: Get staging env var keys
        run: |
          make decrypt-staging
          ENV_KEYS_STAGING="$(make env-keys-staging)"
          echo "::add-mask::$ENV_KEYS_STAGING"
          echo "ENV_KEYS_STAGING=$ENV_KEYS_STAGING" >> $GITHUB_ENV

      - name: Configure AWS production credentials
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
        with:
          aws-access-key-id: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1

      - name: Get production env var keys
        run: |
          make decrypt-production
          ENV_KEYS_PRODUCTION="$(make env-keys-production)"
          echo "::add-mask::$ENV_KEYS_PRODUCTION"
          echo "ENV_KEYS_PRODUCTION=$ENV_KEYS_PRODUCTION" >> $GITHUB_ENV

      - name: Test example and staging env vars
        uses: ./.github/actions/diff-env-vars
        with:
          env1-name: EXAMPLE
          env1-vars: ${{ env.ENV_KEYS_EXAMPLE }}
          env2-name: STAGING
          env2-vars: ${{ env.ENV_KEYS_STAGING }}

      - name: Test example and production env vars
        uses: ./.github/actions/diff-env-vars
        if: always()
        with:
          env1-name: EXAMPLE
          env1-vars: ${{ env.ENV_KEYS_EXAMPLE }}
          env2-name: PRODUCTION
          env2-vars: ${{ env.ENV_KEYS_PRODUCTION }}

      - name: Test staging and production env vars
        uses: ./.github/actions/diff-env-vars
        if: always()
        with:
          env1-name: STAGING
          env1-vars: ${{ env.ENV_KEYS_STAGING }}
          env2-name: PRODUCTION
          env2-vars: ${{ env.ENV_KEYS_PRODUCTION }}