.github/workflows/tests.yml

---
# yamllint disable rule:line-length

name: Tests
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - master
      - release*
    tags:
      - "*"
  pull_request:
    branches:
      - master
      - release*
  workflow_dispatch:

env:
  GO_VERSION: "1.22"
  KIND_VERSION: "0.23.0"
  GO111MODULE: "on"
  IMAGE: "quay.io/backube/snapscheduler"

jobs:
  lint:
    name: Lint
    runs-on: ubuntu-22.04

    steps:
      - name: Checkout source
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install pre-commit
        run: |
          python -m pip install --user pre-commit
          echo "PYHASH=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV

      - name: Enable cache for pre-commit hooks
        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: ~/.cache/pre-commit
          key: pre-commit|${{ env.PYHASH }}|${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
            pre-commit|${{ env.PYHASH }}
            pre-commit|

      - name: Run pre-commit checks
        run: |
          pre-commit run -a
          pre-commit gc

  codescan:
    name: CodeQL scan
    runs-on: ubuntu-22.04
    permissions:
      security-events: write

    steps:
      - name: Checkout source
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Initialize CodeQL
        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15

      - name: Download modules
        run: go mod download

      - name: Build operator
        run: make build

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15

  build:
    name: Build
    runs-on: ubuntu-22.04

    steps:
      - name: Checkout source
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Build operator container
        run: make docker-build IMAGE=${IMAGE}

      - name: Export container image
        run: docker save -o /tmp/image.tar ${IMAGE}

      - name: Save container as artifact
        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
        with:
          name: container
          path: /tmp/image.tar

  test:
    name: Unit test
    runs-on: ubuntu-22.04

    steps:
      - name: Checkout source
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install Go
        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Ensure go module files are up-to-date
        run: |
          go mod tidy
          diff=$(git diff --color -- go.mod go.sum)
          if [ -n "$diff" ]; then
            echo "$diff"
            echo "***** go modules are out-of-date *****"
            echo "*****     run 'go mod tidy'      *****"
            exit 1
          fi

      - name: Run unit tests
        run: make test

      - name: Upload coverage
        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          file: cover.out

  e2e:
    name: End-to-end
    needs: [build, test]
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: false
      matrix:
        # There must be kindest/node images for these versions
        # See: https://hub.docker.com/r/kindest/node/tags?page=1&ordering=last_updated
        # OpenShift dates: https://access.redhat.com/support/policy/updates/openshift#dates
        KUBERNETES_VERSIONS:
          - "1.20.15"  # Oldest that is expected to work
          # - "1.21.14"
          # - "1.22.17"
          # - "1.23.17"
          # - "1.24.17"
          - "1.25.16"  # OCP 4.12 until 2025-01-17
          - "1.26.15"  # OCP 4.13 until 2024-11-17
          - "1.27.13"  # OCP 4.14 until 2026-10-31
          - "1.28.9"   # OCP 4.15 until 2025-08-27
          - "1.29.4"   # OCP 4.16
          - "1.30.0"   # OCP 4.17

    env:
      KUBECONFIG: /tmp/kubeconfig
      KUBERNETES_VERSION: ${{ matrix.KUBERNETES_VERSIONS }}

    steps:
      # Bash as default shell is needed by the kuttl tests
      - name: Set bash as default shell
        run: |
          echo 'APT::Acquire::Retries "5";' | sudo tee /etc/apt/apt.conf.d/80-retries
          sudo apt-get update
          sudo DEBIAN_FRONTEND=noninteractive apt-get install -y bash
          sudo ln -s bash /bin/sh.bash
          sudo mv /bin/sh.bash /bin/sh

      - name: Checkout source
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Install Helm
        run: make helm

      - name: Install kubectl
        run: |
          curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBERNETES_VERSION}/bin/linux/amd64/kubectl"
          sudo install ./kubectl /usr/local/bin/
          kubectl version --client
          kubectl version --client | grep -q ${KUBERNETES_VERSION}

      - name: Install kind
        run: |
          curl -L -o kind https://github.com/kubernetes-sigs/kind/releases/download/v${KIND_VERSION}/kind-linux-amd64
          sudo install ./kind /usr/local/bin && rm kind
          kind version
          kind version | grep -q ${KIND_VERSION}

      - name: Create Kubernetes cluster
        run: |
          ./hack/setup-kind-cluster.sh "${KUBERNETES_VERSION}"

      - name: Load container artifact
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: container
          path: /tmp

      - name: Import container image
        run: |
          docker load -i /tmp/image.tar
          docker inspect ${IMAGE}
          docker tag ${IMAGE} ${IMAGE}:ci-build
          kind load docker-image "${IMAGE}:ci-build"

      - name: Start operator
        run: |
          bin/helm install --create-namespace -n backube-snapscheduler \
              --set image.tagOverride=ci-build \
              --set metrics.disableAuth=true \
              --wait --timeout=300s \
              snapscheduler ./helm/snapscheduler
          kubectl -n backube-snapscheduler get all

      - name: Run e2e tests
        run: make test-e2e

  # This is a dummy job that can be used to determine success of CI:
  # - by Mergify instead of having to list a bunch of other jobs
  # - by the push jobs to ensure all pre-reqs pass before ANY containers are
  #   pushed.
  # - by branch protection so it doesn't need to be updated each time the kube
  #   versions in the matrix change
  e2e-success:
    name: Successful e2e tests
    needs: [build, e2e, lint]
    runs-on: ubuntu-latest
    steps:
      - name: Success
        run: echo "Previous steps were successful"

  push:
    name: Push container to registry
    needs: [e2e-success]
    if: >
      (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
      (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v'))
    runs-on: ubuntu-latest

    steps:
      - name: Load container artifact
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
        with:
          name: container
          path: /tmp

      - name: Import container image
        run: |
          docker load -i /tmp/image.tar
          docker inspect ${IMAGE}

      - name: Login to registry
        # If the registry server is specified in the image name, we use that.
        # If the server isn't in the image name, default to docker.io
        run: |
          [[ "${IMAGE}" =~ ^([^/]+)/[^/]+/[^/]+ ]] && REGISTRY="${BASH_REMATCH[1]}" || REGISTRY="docker.io"
          echo "Attempting docker login to: ${REGISTRY}"
          echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin ${REGISTRY}

      - name: Push to registry (latest)
        if: >
          (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
          github.ref == 'refs/heads/master'
        run: |
          docker push "${IMAGE}"

      - name: Push to registry (version tag)
        if: >
          (github.event_name == 'push' || github.event_name == 'workflow_dispatch') &&
          startsWith(github.ref, 'refs/tags/v')
        run: |
          [[ "${{ github.ref }}" =~ ^refs/tags/v([0-9]+\..*) ]] || exit 0
          TAG="${BASH_REMATCH[1]}"
          echo "Pushing to $TAG"
          docker tag "${IMAGE}" "${IMAGE}:${TAG}"
          docker push "${IMAGE}:${TAG}"