ci.yaml

name: Build Pipeline

on:
  push:
    branches:
      - main
    paths-ignore:
      - "docs/**"
      - "README.md"
  pull_request:
    branches:
      - main
    paths-ignore:
      - "docs/**"
      - "README.md"

concurrency:
  group: "${{ github.workflow }} @ ${{ github.head_ref || github.ref }}"
  cancel-in-progress: true

env:
  CI: true

jobs:
  tests:
    uses: ./.github/workflows/tests-workflow.yaml
    secrets: inherit
  format-and-clippy:
    uses: ./.github/workflows/format-workflow.yaml
    secrets: inherit
  build-and-push-docker-image:
    runs-on: arc-runner-set
    needs: [tests, format-and-clippy]
    permissions:
      id-token: write
      contents: write
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.CI_AWS_ROLE }}
          aws-region: eu-west-1
      - uses: actions/checkout@v4
        with:
          submodules: recursive
          token: ${{ secrets.CI_TOKEN }}
      - name: Determine short SHA
        uses: actions/github-script@v7
        id: determined-sha
        with:
          script: |
            const { ref } = context
            const isMainBranch = ref === 'refs/heads/main'

            let tag;

            if(isMainBranch) {
              tag = `master`
            } else {
              tag = ref.startsWith('refs/pull/')
                ? context.payload.pull_request.head.sha
                : context.sha
              tag = tag.slice(0, 7)
            }

            core.setOutput('sha', tag)
      - name: Upload to Blueground ECR
        env:
          ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
          RUSTIC_WITCHER_DOCKER_IMAGE_TAG: ${{ steps.determined-sha.outputs.sha }}
        run: |
          aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }}
          make build_and_push_docker_image_bg