.github/workflows/ci.yml

name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  workflow_call:


jobs:

  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: corretto
          cache: gradle

      - name: Run unit tests
        run: ./gradlew clean allUnitTests testCodeCoverageReport jacocoTestCoverageVerification

  docker-build-test:
    name: Docker Build Test
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: corretto
          cache: gradle

      - name: ShadowJar
        run: ./gradlew shadowJar

      - name: Run Container
        run: docker compose up --build -d

  e2e-tests:
    name: End-to-end Tests
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: corretto
          cache: gradle

      - name: Run e2e tests
        run: ./e2e-execute.sh


  lint:
    name: Linting
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # helps with Sonar scanning

      - uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: corretto
          cache: gradle

      - name: Code Formatting
        run: ./gradlew spotlessCheck

      - name: Sonar
        run: ./gradlew allBuilds testCodeCoverageReport e2e:assemble rs-e2e:assemble sonar --info
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: Terraform Formatting
        working-directory: operations
        run: terraform fmt -recursive -check


  securityScanAnalyze:
    name: CodeQL Security Scan
    uses: ./.github/workflows/codeql_reusable.yml


  migration-test:
    name: Database Migration Test
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:latest
        env:
          POSTGRES_DB: testdb
          POSTGRES_USER: testuser
          POSTGRES_PASSWORD: dogcow #pragma: allowlist secret
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - uses: actions/checkout@v4

      - name: Run Db migration
        uses: liquibase-github-actions/update@v4.30.0
        with:
          changelogFile: ./etor/databaseMigrations/root.yml
          url: "jdbc:postgresql://postgres:5432/testdb"
          username: testuser
          password: dogcow #pragma: allowlist secret
          labelFilter: '!azure'