.github/workflows/ci.yml

name: CI
on: [push, pull_request]

defaults:
  run:
    shell: bash

jobs:
  lint:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        ubuntu_version:
          - focal
          - noble
    container: ubuntu:${{ matrix.ubuntu_version }}
    steps:
      - name: Install Git
        run: |
          apt-get update && apt-get install --yes git
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: |
          DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install --yes --no-install-recommends \
            build-essential python3-virtualenv python3-dev enchant-2 file apache2-dev jq libarchive-tools
          virtualenv .venv
          # TODO: this should be one step, but there are too many conflicting dependencies
          ./.venv/bin/pip install -r securedrop/requirements/python3/test-requirements.txt
          ./.venv/bin/pip install -r securedrop/requirements/python3/requirements.txt
          ./.venv/bin/pip install -r securedrop/requirements/python3/develop-requirements.txt
      - name: Run lint
        run: |
          git config --global --add safe.directory $GITHUB_WORKSPACE
          source .venv/bin/activate
          make lint
          make verify-mo

  test-app:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        ubuntu_version:
          - focal
          - noble
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
      - name: Run application tests
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-app

  test-functional:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        ubuntu_version:
          - focal
          - noble
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
      - name: Run functional tests
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-functional

  test-pageslayout:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        ubuntu_version:
          - focal
          - noble
    steps:
      - uses: actions/checkout@v4
      - name: Build image
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} DOCKER_BUILD_VERBOSE=true ./securedrop/bin/dev-shell true
      - name: Run page layout tests
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} make test-pageslayout
      - name: Validate HTML (informational)
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} make validate-test-html || true
      - name: Validate accessibility (informational)
        run: |
          UBUNTU_VERSION=${{ matrix.ubuntu_version }} make accessibility-summary || true

  rust:
    runs-on: ubuntu-latest
    # Keep version in sync with rust-toolchain.toml
    container: rust:1.81.0
    steps:
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: |
          rustup component add rustfmt
          rustup component add clippy
      - name: Lint and test Rust code
        run: |
          make rust-lint
          make rust-test

  updater-gui-tests:
    runs-on: ubuntu-latest
    container: debian:bookworm
    steps:
      - name: Install dependencies
        run: |
          apt-get update && apt-get install --yes git libqt5designer5 python3-venv
      - uses: actions/checkout@v4
      - name: Install Python dependencies
        run: |
          cd journalist_gui
          python3 -m venv .venv/ && source .venv/bin/activate
          pip install --require-hashes -r dev-requirements.txt
      - name: Run tests
        run: |
          cd journalist_gui
          source .venv/bin/activate
          QT_QPA_PLATFORM=offscreen python3 test_gui.py -v

  admin-tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run tests
        run: |
          make -C admin test