.github/workflows/build.yml

name: build

on: push

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Checkout
        uses: actions/checkout@v3
      - name: Expose GitHub Runtime
        uses: crazy-max/ghaction-github-runtime@v2
      - name: Build static files
        run: |
          GIT_REVISION=$(git rev-parse --short HEAD)
          GIT_RELEASE=$(git describe --tags --exact-match 2> /dev/null || echo -n '')
          docker buildx build --build-arg GIT_REVISION="$GIT_REVISION" --build-arg GIT_RELEASE="$GIT_RELEASE" --target static-stage -t vault-static --cache-from=type=gha --cache-to=type=gha,mode=max --load .
          docker run --rm vault-static cat vault-web.tar.gz > vault-web.tar.gz
          sha256sum vault-web.tar.gz | awk '{print $1}' > vault-web.tar.gz.sha256
          docker run --rm vault-static cat vault-wasm-nodejs.tar.gz > vault-wasm-nodejs.tar.gz
      - uses: actions/upload-artifact@v3
        with:
          name: vault-web
          path: vault-web.tar.gz*
          retention-days: 30
      - uses: actions/upload-artifact@v3
        with:
          name: vault-wasm-nodejs
          path: vault-wasm-nodejs.tar.gz*
          retention-days: 30

  build-fake-remote:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: ~/.cargo/registry
          key: "cargo-registry-${{ hashFiles('**/Cargo.lock') }}"
      - uses: actions/cache@v3
        with:
          path: ~/.cargo/git
          key: "cargo-index-${{ hashFiles('**/Cargo.lock') }}"
      - uses: actions/cache@v3
        with:
          path: target
          key: cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
      - name: Install rust
        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d
        with:
          toolchain: "1.75.0"
      - name: Build fake-remote
        run: cargo build --bin fake_remote
        working-directory: vault-fake-remote
      - uses: actions/upload-artifact@v3
        with:
          name: vault-fake-remote
          path: target/debug/fake_remote
          retention-days: 30

  cargo-test:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: ~/.cargo/registry
          key: "cargo-registry-${{ hashFiles('**/Cargo.lock') }}"
      - uses: actions/cache@v3
        with:
          path: ~/.cargo/git
          key: "cargo-index-${{ hashFiles('**/Cargo.lock') }}"
      - uses: actions/cache@v3
        with:
          path: target
          key: cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
      - name: Install dev libraries
        run: |
          sudo apt update
          sudo apt install libwebkit2gtk-4.0-dev build-essential curl wget file libssl-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev
      - name: Install rust
        uses: dtolnay/rust-toolchain@b44cb146d03e8d870c57ab64b80f04586349ca5d
        with:
          toolchain: "1.75.0"
      - name: Run cargo test
        run: cargo test

  playwright:
    timeout-minutes: 60
    runs-on: ubuntu-latest
    needs: [build, build-fake-remote]
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Install vault-web dependencies
        run: npm ci
        working-directory: vault-web
      - name: Install vault-web-tests dependencies
        run: npm ci
        working-directory: vault-web-tests
      - name: Install Playwright Browsers
        run: npx playwright install --with-deps
        working-directory: vault-web-tests
      - uses: actions/download-artifact@v3
        with:
          name: vault-web
      - uses: actions/download-artifact@v3
        with:
          name: vault-wasm-nodejs
      - uses: actions/download-artifact@v3
        with:
          name: vault-fake-remote
      - name: Unpack vault-web into dist
        run: |
          mkdir dist
          cd dist
          tar xf ../../vault-web.tar.gz
        working-directory: vault-web
      - name: Unpack vault-wasm-nodejs into vault-web-tests
        run: |
          mkdir vault-wasm-nodejs
          cd vault-wasm-nodejs
          tar xf ../../vault-wasm-nodejs.tar.gz
        working-directory: vault-web-tests
      - name: Prepare fake remote
        run: |
          chmod +x fake_remote
      - name: Run eslint
        run: npm run eslint
        working-directory: vault-web-tests
      - name: Run tsc
        run: npm run tsc
        working-directory: vault-web-tests
      - name: Run Playwright tests
        run: |
          ../fake_remote &

          while ! curl -s http://127.0.0.1:3080/health > /dev/null; do
            echo "Waiting for fake remote to start..."
            sleep 1
          done

          scripts/use-fake-remote.sh ../vault-web/public/config.json
          scripts/use-fake-remote.sh ../vault-web/dist/config.json

          npx playwright test
        working-directory: vault-web-tests
      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: playwright-report
          path: vault-web-tests/playwright-report/
          retention-days: 30

  release:
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')
    needs: [build, cargo-test, playwright]
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: vault-web
      - name: Release
        uses: softprops/action-gh-release@v1
        with:
          files: |
            vault-web.tar.gz
            vault-web.tar.gz.sha256
          draft: true
          generate_release_notes: true

  deploy-preview:
    runs-on: ubuntu-latest
    needs: [build]
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: vault-web
      - name: Deploy
        env:
          KOOFR_VAULT_PREVIEW_DEPLOY_KEY : ${{secrets.KOOFR_VAULT_PREVIEW_DEPLOY_KEY}}
        run: |
          mkdir -p ~/.ssh
          echo "$KOOFR_VAULT_PREVIEW_DEPLOY_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          cat > ~/.ssh/config <<EOF
            Host github.com
              HostName github.com
              IdentityFile ~/.ssh/id_rsa
              IdentitiesOnly yes
          EOF
          git config --global user.name "${GITHUB_ACTOR}"
          git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"

          git clone git@github.com:koofr-vault-preview/koofr-vault-preview.github.io.git

          cd koofr-vault-preview.github.io
          rm -Rf *

          tar xf ../vault-web.tar.gz

          # SPA 404 handler
          cp index.html 404.html

          # configure preview oauth2 credentials for redirect uri
          # https://koofr-vault-preview.github.io/oauth2callback
          sed -i 's@"oauth2ClientId":.*@"oauth2ClientId": "TERND3Q7BAFGFW6IXDP4ZK2A2OASSFS4",@' config.json
          sed -i 's@"oauth2ClientSecret":.*@"oauth2ClientSecret": "L26Z7PTEBL7KU27JRPX6IADZUMD6ZMGGJ34MOUMU6FF7AOEXVF5WGEKDZ25YREWL",@' config.json

          git add -A
          git commit -m "Update assets" --allow-empty
          git push -f origin main