name: CI

on:
  push:
    paths-ignore:
      - '*.md'
  pull_request:
  workflow_dispatch:

jobs:
  test_local:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
    name: 'Test / ${{ matrix.python-version }}'
    env:
      # API request rate limit is easily exceeded otherwise:
      CGITIZE_GITHUB_TOKEN: '${{ secrets.CGITIZE_GITHUB_TOKEN }}'
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '${{ matrix.python-version }}'
          cache: pip
      - name: 'Install package & dependencies'
        run: pip install -q -e .
      - name: Verify that scripts are runnable
        run: cgitize --version
      - name: Run tests
        run: make test

  test_docker:
    runs-on: ubuntu-latest
    name: 'Test / Docker'
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Integration test (Docker)
        run: sudo make test/docker

  test_example_config:
    needs: [test_local, test_docker]
    runs-on: ubuntu-latest
    name: 'Test / example config'
    env:
      # API request rate limit is easily exceeded otherwise:
      CGITIZE_GITHUB_TOKEN: '${{ secrets.CGITIZE_GITHUB_TOKEN }}'
      # Consider creating a separate user (without my private repositories)
      # for testing Bitbucket).
      #CGITIZE_BITBUCKET_USERNAME: egor-tensin
      #CGITIZE_BITBUCKET_TOKEN: '${{ secrets.CGITIZE_BITBUCKET_TOKEN }}'
      # Same goes for GitLab.
      #CGITIZE_GITLAB_USERNAME: egor-tensin
      #CGITIZE_GITLAB_TOKEN: '${{ secrets.CGITIZE_GITLAB_TOKEN}}'
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          cache: pip
      - name: Install dependencies
        run: pip install -q -r requirements.txt
      - name: Set up ssh-agent
        uses: webfactory/ssh-agent@v0.7.0
        with:
          ssh-private-key: '${{ secrets.SSH_KEY }}'
      - name: Integration test (example config)
        run: make test/example

  publish_docker:
    needs: [test_local, test_example_config, test_docker]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: [backend, frontend]
        include:
          - {service: backend, file: docker/Dockerfile, image: cgitize}
          - {service: frontend, context: docker/frontend, image: cgitize-frontend}
    name: 'Publish / Docker Hub / ${{ matrix.service }}'
    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # https://github.com/docker/metadata-action#semver
      - id: meta
        name: Docker Hub metadata
        uses: docker/metadata-action@v4
        with:
          images: '${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}'
          flavor: |
            latest=auto
          tags: |
            type=ref,event=branch
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: '${{ secrets.DOCKERHUB_USERNAME }}'
          password: '${{ secrets.DOCKERHUB_TOKEN }}'
      - id: platforms
        name: Which platforms?
        # Building for ARM for every commit in master is too time-consuming.
        run: |
          if [ '${{ github.ref }}' = 'refs/heads/master' ]; then
              echo 'platforms=amd64' >> "$GITHUB_OUTPUT"
          else
              echo 'platforms=amd64,armhf,arm64' >> "$GITHUB_OUTPUT"
          fi
      - name: Build and publish
        uses: docker/build-push-action@v3
        with:
          context: '${{ matrix.context }}'
          file: '${{ matrix.file }}'
          labels: '${{ steps.meta.outputs.labels }}'
          platforms: '${{ steps.platforms.outputs.platforms }}'
          push: true
          tags: '${{ steps.meta.outputs.tags }}'

  publish_pypi:
    needs: [test_local, test_example_config, test_docker, publish_docker]
    runs-on: ubuntu-latest
    name: 'Publish / PyPI'
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Python
        uses: actions/setup-python@v4
      - name: Verify package can be installed
        run: pip install -q .
      - name: Install package builder
        run: pip install -q --upgrade build
      - name: Build package
        run: python -m build
      - name: Publish as artifact
        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist
          if-no-files-found: error
      - name: Publish to PyPI
        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          password: '${{ secrets.PYPI_API_TOKEN }}'