name: Build and test Docker image

on:
  pull_request:
    branches:
      - main
    paths-ignore:
      - "./**/*.md"
      - "LICENSE"
      - 'social/'
      - '.gitignore'
      - 'docker-compose.yml'
      - 'Makefile'

env:
  IMAGE_NAME: localhost:5000/cdalvaro/docker-salt-master:${{ github.sha }}
  REGISTRY_PATH: ${{ github.workspace }}/registry
  CACHE_PATH: ${{ github.workspace }}/.buildx-cache

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: network=host

      - name: Start Docker registry
        run: |
          docker run --rm --detach --publish 5000:5000 \
            --volume ${REGISTRY_PATH}:/var/lib/registry \
            --name registry registry:2

      - name: Cache Docker layers
        id: cache-docker-layers
        uses: actions/cache@v3
        with:
          path: ${{ env.CACHE_PATH }}
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Cache hit
        continue-on-error: true
        env:
          CACHE_HIT: ${{ steps.cache-docker-layers.outputs.cache-hit }}
        run: |
          if [[ "${CACHE_HIT}" != 'true' ]]; then
            echo "No cache hit" >&2
            exit 1
          fi
          echo "Cache contents available at: ${CACHE_PATH}"

      - name: Build docker-salt-master image
        uses: docker/build-push-action@v5.0.0
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64,linux/arm64
          outputs: |
            type=image,annotation-index.org.opencontainers.image.description=salt-master latest containerized
          cache-from: |
            type=local,src=${{ env.CACHE_PATH }}
            ghcr.io/cdalvaro/docker-salt-master:latest
          cache-to: type=local,dest=${{ env.CACHE_PATH }}
          pull: true
          push: true
          tags: ${{ env.IMAGE_NAME }}

      - name: Stop Docker registry
        run: docker stop registry

      - name: Upload Docker registry data for testing
        uses: actions/upload-artifact@v3
        with:
          name: docker-registry-data
          path: ${{ env.REGISTRY_PATH }}/

  test:
    name: Test
    runs-on: ubuntu-latest
    needs: build
    strategy:
      matrix:
        platform: [linux/amd64, linux/arm64]
    env:
      DOCKER_CLI_EXPERIMENTAL: enabled
      PLATFORM: ${{ matrix.platform }}
      BOOTUP_WAIT_SECONDS: 90

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Download Docker registry data from build job
        uses: actions/download-artifact@v3
        with:
          name: docker-registry-data
          path: ${{ env.REGISTRY_PATH }}

      - name: Enable Docker experimental
        run: |
          # Enable docker daemon experimental support.
          echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json
          sudo systemctl restart docker
          # Install QEMU multi-architecture support for docker buildx.
          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes

      - name: Start Docker registry
        run: |
          docker run --rm --detach --publish 5000:5000 \
            --volume ${REGISTRY_PATH}:/var/lib/registry \
            --name registry registry:2
          sleep 10

      - name: Import Docker images
        run: docker pull --platform ${{ matrix.platform }} ${IMAGE_NAME}

      - name: Docker inspect
        run: docker buildx imagetools inspect ${IMAGE_NAME} | grep '${{ matrix.platform }}'

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Install and configure salt-minion
        run: |
          # Install salt-minion from salt repos
          curl -o bootstrap-salt.sh -L https://bootstrap.saltproject.io
          sudo sh bootstrap-salt.sh -dXP stable
          sudo systemctl stop salt-minion
          sudo systemctl disable salt-minion
          sudo rm -f /var/log/salt/minion

      - name: Execute basic tests
        if: always()
        run: tests/basic/test.sh

      - name: Execute salt-api tests
        if: always()
        run: tests/salt-api/test.sh

      - name: Execute gitfs tests
        if: always()
        env:
          GITFS_KEYS_DIR: tests/gitfs/data/keys/gitfs
          SSH_PRIVATE_KEY: ${{ secrets.TESTS_REPO_PRIVATE_KEY }}
          SSH_PUBLIC_KEY: ${{ secrets.TESTS_REPO_PUBLIC_KEY }}
        run: |
          mkdir -p "${GITFS_KEYS_DIR}"
          echo "${SSH_PRIVATE_KEY}" | base64 -d > "${GITFS_KEYS_DIR}"/gitfs_ssh
          chmod 600 "${GITFS_KEYS_DIR}"/gitfs_ssh
          echo "${SSH_PUBLIC_KEY}" | base64 -d > "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
          chmod 644 "${GITFS_KEYS_DIR}"/gitfs_ssh.pub
          tests/gitfs/test.sh

      - name: Execute config-reloader tests
        if: always()
        run: tests/config-reloader/test.sh

      - name: Execute GPG tests
        if: always()
        run: tests/gpg/test.sh

      - name: Cleanup
        if: always()
        run: |
          docker rm --force registry