.github/workflows/ci.yaml

name: CI

on:
  push:
    branches: ['main', 'v1.2', 'v1.3']
    tags: ['**']
  pull_request:
  workflow_dispatch:

env:
  PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: '1'

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:

          - job_name: eslint
            run_script: yarn run eslint:lint

          - job_name: build
            run_script: yarn run build

          - job_name: test
            run_script: yarn run test

          - job_name: api-exporter
            run_script: |
              yarn run ts:build
              yarn run ae:test

          - job_name: lint-imports
            run_script: yarn tsx ./scripts/lint/module-import-linter.ts

          - job_name: dedupe
            run_script: yarn dedupe --check

    container: node:16-alpine
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Get yarn cache directory path
        run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
        id: yarn-cache-dir-path

      - name: Install GNU tar
        run: apk add --no-cache tar

      - name: Set up yarn cache
        uses: actions/cache@v3
        id: yarn-cache
        with:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Install yarn deps
        run: |
          yarn --version
          yarn install --immutable

      - name: Run ${{ matrix.job_name }}
        run: ${{ matrix.run_script }}

  playwright:
    needs: [ test ]
    runs-on: ubuntu-latest
    container: mcr.microsoft.com/playwright:v1.32.3-focal

    services:
      postgres:
        image: postgres:13-alpine
        env:
          POSTGRES_PASSWORD: 'contember'
          POSTGRES_USER: 'contember'
          POSTGRES_DB: 'contember'
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

      contember-engine:
        image: contember/engine:1.2.0
        env:
          NODE_ENV: 'development'
          CONTEMBER_PORT: '4000'
          CONTEMBER_ROOT_EMAIL: 'superadmin@localhost'
          CONTEMBER_ROOT_PASSWORD: 'superadmin@localhost'
          CONTEMBER_ROOT_TOKEN: '0000000000000000000000000000000000000000'
          CONTEMBER_LOGIN_TOKEN: '1111111111111111111111111111111111111111'
          CONTEMBER_ENCRYPTION_KEY: '0000000000000000000000000000000000000000000000000000000000000000'
          DEFAULT_DB_HOST: 'postgres'
          DEFAULT_DB_PORT: '5432'
          DEFAULT_DB_USER: 'contember'
          DEFAULT_DB_PASSWORD: 'contember'
          TENANT_DB_NAME: 'contember'
          DEFAULT_S3_ENDPOINT: 'http://minio:9000'
          DEFAULT_S3_PROVIDER: 'minio'
          DEFAULT_S3_REGION: ''
          DEFAULT_S3_BUCKET: 'contember'
          DEFAULT_S3_PREFIX: 'data'
          DEFAULT_S3_KEY: 'contember'
          DEFAULT_S3_SECRET: 'contember'

      minio:
        image: bitnami/minio

        env:
          MINIO_ROOT_USER: 'contember'
          MINIO_ROOT_PASSWORD: 'contember'
          MINIO_DEFAULT_BUCKETS: 'contember:download'

    env:
      VITE_CONTEMBER_ADMIN_API_BASE_URL: 'http://contember-engine:4000'
      VITE_CONTEMBER_ADMIN_SESSION_TOKEN: '0000000000000000000000000000000000000000'
      HOME: '/root'

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
        run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT

      - name: Set up yarn cache
        uses: actions/cache@v3
        id: yarn-cache
        with:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Install yarn deps
        run: |
          yarn --version
          yarn install --immutable

      - name: Prepare for playwright tests
        run: |
          yarn run admin:pw:build

      - name: Run playwright tests
        run: yarn run admin:pw:test --forbid-only

      - uses: jakejarvis/s3-sync-action@master
        if: always()
        with:
          args: --acl public-read
        env:
          AWS_S3_BUCKET: 'contember-admin'
          AWS_ACCESS_KEY_ID: ${{ secrets.PLAYWRIGHT_S3_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.PLAYWRIGHT_S3_SECRET }}
          AWS_S3_ENDPOINT: 'https://fra1.digitaloceanspaces.com'
          SOURCE_DIR: 'packages/admin/tests/playwright/report'
          DEST_DIR: ${{ github.sha }}

      - uses: phulsechinmay/rewritable-pr-comment@v0.2.1
        if: always() && github.event_name == 'pull_request'
        with:
          message: '[Playwright Test Report](https://contember-admin.fra1.digitaloceanspaces.com/${{ github.sha }}/index.html)'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


  publish-npm:
    if: github.event_name == 'push' && github.ref_type == 'tag'
    needs: [test, playwright]
    runs-on: ubuntu-latest
    container: node:16-alpine

    env:
      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
        run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT

      - name: Install GNU tar
        run: apk add --no-cache tar

      - name: Set up yarn cache
        uses: actions/cache@v3
        id: yarn-cache
        with:
          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Extract version from tag
        run: echo "PACKAGE_VERSION=${GITHUB_REF:11}" >> $GITHUB_ENV

      - name: Install yarn deps
        run: |
          yarn --version
          yarn install --immutable

      - name: Build
        run: yarn run build

      - name: Publish
        run: |
          yarn config set npmAuthToken "$NPM_TOKEN"
          yarn workspaces foreach -t version "${GITHUB_REF:11}"
          yarn workspaces foreach -pt --no-private npm publish --access public


  publish-docker:
    if: (github.event_name == 'push' && github.ref_type == 'tag') || github.event_name == 'workflow_dispatch'
    needs: [test, playwright]
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-qemu-action@v1
      - uses: docker/setup-buildx-action@v1

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Release Tag
        if: github.event_name == 'push' && github.ref_type == 'tag'
        run: 'echo "TAG=${GITHUB_REF:11}" >> $GITHUB_ENV'

      - name: Canary Tag
        if: github.event_name == 'workflow_dispatch'
        run: 'echo "TAG=canary-${GITHUB_SHA:0:10}" >> $GITHUB_ENV'

      - name: Build & Publish Docker Image
        env:
          DOCKER_USER: ${{ secrets.DOCKER_USER }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          docker login --username "$DOCKER_USER" --password "$DOCKER_PASSWORD"
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --file ee/admin-server/Dockerfile \
            --cache-from type=registry,ref=ghcr.io/contember/admin \
            --cache-to   type=registry,ref=ghcr.io/contember/admin,mode=max \
            --tag "contember/admin:$TAG" \
            --push \
            .