name: Test
permissions:
  contents: read
on:
  push:
    branches:
      - main
  pull_request:

jobs:
  test:
    strategy:
      matrix:
        go-version: [1.18.x]
        node-version: [16.x]
        platform: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: ${{ matrix.go-version }}

      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
        with:
          node-version: ${{ matrix.node-version }}

      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0

      - name: cache go binaries
        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        id: cache-go-bin
        with:
          path: ~/go/bin
          key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
          restore-keys: ${{ runner.os }}-go-bin

      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-

      - run: make deps-build
      - name: Lint
        if: runner.os == 'Linux'
        run: make lint
      - name: test
        run: make test

  cover:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [1.18.x]
        node-version: [16.x]
    steps:
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: ${{ matrix.go-version }}

      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
        with:
          node-version: ${{ matrix.node-version }}

      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0

      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH

      - name: cache go binaries
        uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        id: cache-go-bin
        with:
          path: ~/go/bin
          key: ${{ runner.os }}-${{ hashFiles('**/go.mod') }}
          restore-keys: ${{ runner.os }}-go-bin

      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-

      - name: cover
        run: make cover

      - uses: jandelgado/gcov2lcov-action@c680c0f7c7442485f1749eb2a13e54a686e76eb5
        name: convert coverage to lcov
        with:
          infile: coverage.txt
          outfile: coverage.lcov

      - name: upload to coveralls
        uses: coverallsapp/github-action@9ba913c152ae4be1327bfb9085dc806cedb44057
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          path-to-lcov: coverage.lcov

  integration:
    strategy:
      fail-fast: false
      matrix:
        go-version: [1.18.x]
        node-version: [16.x]
        platform: [ubuntu-latest]
        deployment: [kubernetes, multi, nginx, single, traefik]
        idp: [auth0, azure, github, gitlab, google, oidc, okta, onelogin, ping]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: ${{ matrix.go-version }}

      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
        with:
          node-version: ${{ matrix.node-version }}

      - name: set env vars
        run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0
      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        with:
          path: |
            ~/go/pkg
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: build dev docker image
        run: |
          ./scripts/build-dev-docker.bash

      - name: start cluster
        run: |
          export POMERIUM_TAG=dev
          cd ./integration/clusters/${{matrix.idp}}-${{matrix.deployment}}
          docker-compose up -d

      - name: integration tests
        run: |
          (cd ./integration/clusters/${{matrix.idp}}-${{matrix.deployment}} && docker-compose logs -f &)
          go test -v ./integration/...

  build:
    strategy:
      matrix:
        go-version: [1.18.x]
        node-version: [16.x]
        platform: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.platform }}
    steps:
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: ${{ matrix.go-version }}

      - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93
        with:
          node-version: ${{ matrix.node-version }}

      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0
      - uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
            ~/Library/Caches/go-build
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: build
        run: |
          make build-deps
          make build

      - name: save binary
        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
        with:
          path: bin/pomerium*
          name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
          retention-days: 1

  build-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6

      - name: Docker Build
        uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94
        with:
          context: .
          file: ./Dockerfile
          push: false

  precommit:
    runs-on: ubuntu-latest
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
        with:
          fetch-depth: 0
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: 1.18.x
      - uses: actions/setup-python@b55428b1882923874294fa556849718a1d7f2ca5
        with:
          python-version: "3.x"
      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
        with:
          extra_args: --show-diff-on-failure --from-ref ${{
            github.event.pull_request.base.sha }} --to-ref ${{
            github.event.pull_request.head.sha }}
        env:
          SKIP: lint

  license:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: [1.18.x]
        platform: [ubuntu-latest]
    needs:
      - build
    steps:
      - uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
        with:
          go-version: 1.18.x

      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b

      - name: retrieve binary
        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
        with:
          name: pomerium ${{ github.run_id }} ${{ matrix.platform }}
          path: bin/

      - name: download envoy
        run: make get-envoy

      - name: FOSSA Scan
        uses: fossa-contrib/fossa-action@6cffaa064112e1cf9b5798c6224f9487dc1ec316
        with:
          fossa-api-key: 18f4ef488f514d06874b75f5809cea93