.github/workflows/test.yml

on:
  push:
  pull_request:
  workflow_dispatch:

name: CI-TEST

env:
  IMAGE_NAME: ${{ github.repository }}-test
  IMAGE_TAG:  ${{ github.ref_name }}

defaults:
  run:
    shell: bash
    working-directory: /home/runner

jobs:
  create-test-docker-image:
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write

    name: Create Test Docker image
    runs-on: ubuntu-latest
    outputs:
      NAME: ${{ env.IMAGE_NAME }}
      TAG:  ${{ env.IMAGE_TAG }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Escape Docker image tag
        run: |
          echo "IMAGE_TAG=$(echo ${{ env.IMAGE_TAG }} | sed -e 's/\//-/g')" >> $GITHUB_ENV
          echo "IMAGE_NAME: ${{ env.IMAGE_NAME }}"
          echo "IMAGE_TAG:  ${{ env.IMAGE_TAG  }}"

      - name: Use 'main' Docker image tag if this is a PR from a fork
        id: origin
        shell: bash
        if: github.event.pull_request.head.repo.fork
        run: |
          echo gh.pr:          ${{ github.event.pull_request.repo.full_name }}
          echo gh.fork:        ${{ github.event.pull_request.head.repo.fork }}
          echo gh.repo:        ${{ github.repository }}
          echo 'IMAGE_TAG=main' >> $GITHUB_ENV

      - name: Check if Dockerfile has changed
        uses: dorny/paths-filter@v3
        id: changed
        with:
          base: ${{ github.ref_name }}
          filters: |
            dockerfile:
              - "appimage/test/docker/**"

      - name: Check if Docker image exists
        id: exists
        shell: bash
        run: |
          declare -a HEADERS=(
            '-H' "Accept: application/vnd.oci.image.manifest.v1+json"
            '-H' "Accept: application/vnd.oci.image.index.v1+json"
            '-H' "Authorization: Bearer $(echo ${{ secrets.GITHUB_TOKEN }} | base64)"
          )
          RESULT=$(curl "${HEADERS[@]}" https://ghcr.io/v2/${IMAGE_NAME}/manifests/${IMAGE_TAG})
          echo 'dockerimage<<EOF' >> $GITHUB_OUTPUT
          echo ${RESULT} | jq 'has("manifests")' >> $GITHUB_OUTPUT
          echo 'EOF' >> $GITHUB_OUTPUT
          echo
          echo exists:        ${{ steps.exists.outputs.dockerimage }}

      - name: Check if we need to build the Docker image
        id: dockerimage
        if: |
          ! github.event.pull_request.head.repo.fork &&
          (steps.changed.outputs.dockerfile == 'true' || steps.exists.outputs.dockerimage == 'false')
        run: |
          echo 'build=true' >> $GITHUB_OUTPUT

      - name: Debug Check
        shell: bash
        run: |
          echo IMAGE_NAME:     ${{ env.IMAGE_NAME }}           # <repo-owner>/<repo>-test
          echo IMAGE_TAG:      ${{ env.IMAGE_TAG }}            # <gh.ref_name>
          echo
          echo gh.actor:       ${{ github.actor }}             # antoinevg             antoinevg
          echo gh.trig_actor:  ${{ github.triggering_actor }}  # antoinevg             antoinevg
          echo gh.repo:        ${{ github.repository }}        # antoinevg/packetry    greatscottgadgets/packetry
          echo gh.repo_owner:  ${{ github.repository_owner }}  # antoinevg             greatscottgadgets
          echo gh.base_ref:    ${{ github.base_ref }}          #                       main
          echo gh.head_ref:    ${{ github.head_ref }}          #                       antoinevg/fix-pr-403
          echo gh.ref_name:    ${{ github.ref_name }}          # antoinevg/fix-pr-403  149/merge
          echo
          echo check.forked:   ${{ github.event.pull_request.head.repo.fork }}  #        true
          echo check.changed:  ${{ steps.changed.outputs.dockerfile }}          # true   true
          echo check.exists:   ${{ steps.exists.outputs.dockerimage }}          # false  false
          echo
          echo build:          ${{ steps.dockerimage.outputs.build }} # bump

      - name: Log in to the Container registry
        if: steps.dockerimage.outputs.build
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        if: steps.dockerimage.outputs.build
        uses: docker/setup-buildx-action@v3

      - name: Build and push Docker image
        if: steps.dockerimage.outputs.build
        id: push
        uses: docker/build-push-action@v6
        with:
          context: appimage/test/docker/
          push: true
          tags: ghcr.io/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
          cache-from: type=gha, scope=${{ env.IMAGE_TAG }}
          cache-to:   type=gha, scope=${{ env.IMAGE_TAG }}, mode=max

      - name: Generate artifact attestation
        if: steps.dockerimage.outputs.build
        uses: actions/attest-build-provenance@v1
        with:
          subject-name: ghcr.io/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true


  test-remote:
    permissions:
      contents: read
      packages: read

    needs: create-test-docker-image

    name: Run test action
    runs-on: ubuntu-latest

    container:
      image: ghcr.io/${{ needs.create-test-docker-image.outputs.NAME }}:${{ needs.create-test-docker-image.outputs.TAG }}
      options: --user root # see: https://github.com/actions/checkout/issues/1014
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    steps:
      - name: Check image name & tag
        run: |
          echo "NAME:       ${{ needs.create-test-docker-image.outputs.NAME }}"
          echo "TAG:        ${{ needs.create-test-docker-image.outputs.TAG }}"

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Check environment
        run: |
          echo PATH: $PATH
          echo HOME: $HOME
          echo pwd:  `pwd`
          ls -al

      - name: Test Action
        uses: ./appimage/test/
        with:
          executable: ./target/release/packetry