.github/workflows/main.yml

# Continuous integration, including test and integration test
name: CI

# Run in master and dev branches and in all pull requests to those branches, as well as on workflow dispatch for downstream testing
on:
  workflow_dispatch:
  push:
    branches: [ master, dev ]
  pull_request:
    branches: [ master, dev ]

env:
  DOCKER_IMAGE: radarbase/radar-appserver

jobs:
  # Build and test the code
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      - uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: temurin

      - uses: gradle/gradle-build-action@v2

      # Compile the code
      - name: Compile code
        run: ./gradlew assemble

      # Use 'docker compose' instead of 'docker-compose' to use v2
      - name: Setup docker services
        run: |
            sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
            sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
            docker compose -f src/integrationTest/resources/docker/non_appserver/docker-compose.yml up -d
            # Wait for services to start up.
            sleep 50

      - name: Install gpg secret key
        run: |
          cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      - name: Decrypt google application credentials
        run: |
          gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg

      # Gradle check
      - name: Check
        run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check

      - name: Upload build artifacts
        if: always()
        uses: actions/upload-artifact@v3
        with:
          path: build/reports
          if-no-files-found: ignore
          retention-days: 5

  # Build and test the code against the :dev docker image of parent repositories
  test-downstream:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # only run this on 'ready for review' PRs or when triggered by an upstream job
    if: github.event.pull_request.draft == false || github.event_name == 'workflow_dispatch'

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      - uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: temurin

        # Use 'docker compose' instead of 'docker-compose' to use v2
      - name: Setup docker services (:dev)
        run: |
          sudo mkdir -p /usr/local/var/lib/radar/appserver/logs/
          sudo chown -R $(whoami) /usr/local/var/lib/radar/appserver/logs
          # call docker compose without args to include the override file
          cd src/integrationTest/resources/docker/appserver_downstream
          docker compose up -d
          # Wait for services to start up.
          sleep 50

      - name: Install gpg secret key
        run: |
          cat <(echo -e "${{ secrets.GPG_SECRET_KEY }}") | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG

      - name: Decrypt google application credentials
        run: |
          gpg --pinentry-mode loopback --local-user "Yatharth Ranjan" --batch --yes --passphrase "${{ secrets.GPG_SECRET_KEY_PASSPHRASE }}" --output src/integrationTest/resources/google-credentials.json --decrypt src/integrationTest/resources/google-credentials.enc.gpg

      # Gradle check
      - name: Check
        run: GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/src/integrationTest/resources/google-credentials.json ./gradlew check

  # Check that the docker image builds correctly
  docker:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    if: github.event_name != 'workflow_dispatch'

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
        # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
        - uses: actions/checkout@v3

        - name: Login to Docker Hub
          uses: docker/login-action@v2
          with:
              username: ${{ secrets.DOCKERHUB_USERNAME }}
              password: ${{ secrets.DOCKERHUB_TOKEN }}

        # Add Docker labels and tags
        - name: Docker meta
          id: docker_meta
          uses: docker/metadata-action@v4
          with:
              images: ${{ env.DOCKER_IMAGE }}

        # Setup docker build environment
        - name: Set up QEMU
          uses: docker/setup-qemu-action@v2

        - name: Set up Docker Buildx
          uses: docker/setup-buildx-action@v2

        - name: Cache Docker layers
          id: cache-buildx
          uses: actions/cache@v3
          with:
              path: /tmp/.buildx-cache
              key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile', '**/*.gradle.kts', 'gradle.properties', 'src/main/**') }}
              restore-keys: |
                  ${{ runner.os }}-buildx-

        - name: Cache parameters
          id: cache-parameters
          run: |
              if [ "${{ steps.cache-buildx.outputs.cache-hit }}" = "true" ]; then
                echo "::set-output name=cache-to::"
              else
                echo "::set-output name=cache-to::type=local,dest=/tmp/.buildx-cache-new,mode=max"
              fi

        - name: Build docker
          uses: docker/build-push-action@v3
          with:
              cache-from: type=local,src=/tmp/.buildx-cache
              cache-to: ${{ steps.cache-parameters.outputs.cache-to }}
              load: true
              tags: ${{ steps.docker_meta.outputs.tags }}
              # Use runtime labels from docker_meta as well as fixed labels
              labels: |
                  ${{ steps.docker_meta.outputs.labels }}
                  maintainer=Yatharth Ranjan <yatharth.ranjan@kcl.ac.uk>, Pauline Conde <pauline.conde@kcl.ac.uk>
                  org.opencontainers.image.authors=Yatharth Ranjan <yatharth.ranjan@kcl.ac.uk>, Pauline Conde <pauline.conde@kcl.ac.uk>
                  org.opencontainers.image.vendor=RADAR-base
                  org.opencontainers.image.licenses=Apache-2.0

        - name: Inspect docker image
          run: docker image inspect ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}

        # Push the image on the dev and master branches
        - name: Push image
          if: ${{ github.event_name != 'pull_request' }}
          run: docker push ${{ env.DOCKER_IMAGE }}:${{ steps.docker_meta.outputs.version }}

        # Temp fix
        # https://github.com/docker/build-push-action/issues/252
        # https://github.com/moby/buildkit/issues/1896
        - name: Move docker build cache
          if: steps.cache-buildx.outputs.cache-hit != 'true'
          run: |
              rm -rf /tmp/.buildx-cache
              mv /tmp/.buildx-cache-new /tmp/.buildx-cache    
        