.github/workflows/build.yml

name: build-push-image
on: [push]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  checkout-and-test:
    name: Checkout and test
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        python-version:
          - 3.10.6
        database-name:
          - deepl_core
        database-user:
          - postgres
        database-password:
          - postgres
        database-hostname:
          - localhost
        database-port:
          - 5432
    services:
      postgres:
        image: postgres:14
        env:
          POSTGRES_DB: ${{ matrix.database-name }}
          POSTGRES_USER: ${{ matrix.database-user }}
          POSTGRES_PASSWORD: ${{ matrix.database-password }}
        ports:
          - 5432:5432
        # Set health checks to wait until postgres has started
        options:
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      POSTGRES_DB: ${{ matrix.database-name }}
      POSTGRES_USER: ${{ matrix.database-user }}
      POSTGRES_PASSWORD: ${{ matrix.database-password }}
      POSTGRES_HOSTNAME: ${{ matrix.database-hostname }}
      POSTGRES_PORT: ${{ matrix.database-port }}

      REDIS_HOST: redis
      # Django
      DEBUG: false
      DJANGO_SECRET_KEY: insecure-key-just-for-testing
      ALLOWED_HOSTS: ''
      ENVIRONMENT: 'CI'
      CSRF_TRUSTED_ORIGINS: ''
      SUMMARIZATION_V2_ECS_ENDPOINT: ''

      # Celery
      CELERY_BROKER_URL: ''
      CELERY_RESULT_BACKEND: ''

      # Cron
      CRON_DEEP_FETCH_MINUTE: 0
      CRON_DEEP_FETCH_HOUR: '*'
      CRON_CREATE_INDICES_MINUTE: 0
      CRON_CREATE_INDICES_HOUR: '*'

      # DEEP
      DEEP_DB_PASSWORD: ''
      DEEP_DB_NAME: ''
      DEEP_DB_USER: ''
      DEEP_DB_PORT: ''
      DEEP_DB_HOST: ''

      # SENTRY
      SENTRY_DSN: ''

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2.3.1
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install enchant library
        run: |
          sudo apt install enchant-2

      - name: Test
        run: |
          python -m pip install --upgrade poetry
          poetry install
          # Install enchant separately because adding it to poetry toml doesn't work
          poetry run pip install --upgrade pyenchant polars==0.18.6 pyarrow==12.0.0
          poetry run python manage.py migrate
          poetry run pytest --cov .
          poetry run coverage xml

  build-staging:
    name: Build and push images
    needs: checkout-and-test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to AWS ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, Tag and Push Image to AWS ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY_BACKEND_STAGING }}
          IMAGE_TAG: latest
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG


  build-prod:
    name: Build and push images
    environment: production
    needs: checkout-and-test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/release'
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to AWS ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, Tag and Push Image to AWS ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY_BACKEND }}
          IMAGE_TAG: latest
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

      - name: Upload Coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          token: ${{ secrets.CODECOV_TOKEN }}