on:
  push:
    branches:
      - master
  pull_request:

name: Test
jobs:
  test:
    strategy:
      matrix:
        go-version: [1.17.x]
        platform: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ matrix.go-version }}
      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: cache go binaries
        uses: actions/cache@v2
        id: cache-go-bin
        with:
          path: ~/go/bin
          key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
          restore-keys: ${{ runner.os }}-go-bin

      - uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-
      - run: make deps-build
      - name: Lint
        if: runner.os == 'Linux'
        run: make lint
      - name: spellcheck
        if: runner.os == 'Linux'
        run: make spellcheck
      - name: test
        if: runner.os != 'Linux'
        run: make test

  cover:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: 1.17.x

      - uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - name: cache go binaries
        uses: actions/cache@v2
        id: cache-go-bin
        with:
          path: ~/go/bin
          key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
          restore-keys: ${{ runner.os }}-go-bin

      - uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-

      - name: cover
        run: make cover

      - uses: jandelgado/gcov2lcov-action@v1.0.8
        name: convert coverage to lcov
        with:
          infile: coverage.txt
          outfile: coverage.lcov

      - name: upload to coveralls
        uses: coverallsapp/github-action@1.1.3
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path-to-lcov: coverage.lcov

  integration:
    strategy:
      fail-fast: false
      matrix:
        go-version: [1.17.x]
        platform: [ubuntu-latest]
        deployment: [kubernetes, multi, nginx, single, traefik]
        idp: [auth0, azure, github, gitlab, google, oidc, okta, onelogin, ping]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ matrix.go-version }}
      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: build dev docker image
        run: |
          ./scripts/build-dev-docker.bash

      - name: start cluster
        run: |
          export POMERIUM_TAG=dev
          cd ./integration/clusters/${{matrix.idp}}-${{matrix.deployment}}
          docker-compose up -d

      - name: integration tests
        run: |
          (cd ./integration/clusters/${{matrix.idp}}-${{matrix.deployment}} && docker-compose logs -f &)
          go test -v ./integration/...

  build:
    strategy:
      matrix:
        go-version: [1.17.x]
        platform: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ matrix.go-version }}
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: build
        run: |
          make build-deps
          make build

      - name: save binary
        uses: actions/upload-artifact@v2
        with:
          path: bin/pomerium*
          name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
          retention-days: 1

  build-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: build
        run: docker build .

  precommit:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - uses: actions/setup-go@v2
        with:
          go-version: 1.17.x
      - uses: actions/setup-python@v2
      - uses: pre-commit/action@release
        with:
          extra_args: --show-diff-on-failure --from-ref ${{ github.event.pull_request.base.sha }} --to-ref ${{ github.event.pull_request.head.sha }}
        env:
          SKIP: lint

  license:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [1.17.x]
        platform: [ubuntu-latest]
    needs:
      - build
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: 1.17.x

      - uses: actions/checkout@v2

      - name: retrieve binary
        uses: actions/download-artifact@v2
        with:
          name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
          path: bin/

      - name: download envoy
        run: make get-envoy

      - name: FOSSA Scan
        uses: fossa-contrib/fossa-action@v1
        with:
          fossa-api-key: 18f4ef488f514d06874b75f5809cea93