.github/workflows/build.yaml

name: Run tests with coverage

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
    
env:
  PROJECT_NAME: Arcane.Operator
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  
jobs:
  validate_commit:
    name: Validate commit
    runs-on: ubuntu-latest
    if: ${{ github.ref != 'refs/heads/main' }}
    steps:
      - uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4.0.0
        with:
          dotnet-version: 8.0.x

      - name: Restore dependencies
        run: dotnet clean && dotnet nuget locals all --clear && dotnet restore

      - name: Test
        working-directory: ./test
        run: |
          dotnet add package coverlet.msbuild
          dotnet test ${PROJECT_NAME}.Tests.csproj --configuration Debug --runtime linux-x64 /p:CollectCoverage=true /p:CoverletOutput=Coverage/ /p:CoverletOutputFormat=lcov --logger GitHubActions

      - name: Publish Code Coverage
        if: ${{ github.event_name == 'pull_request' && always() }}
        uses: romeovs/lcov-reporter-action@v0.3.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          lcov-file: ./test/Coverage/coverage.info
              
      - name: Check style
        run: dotnet format --verify-no-changes
          
  build_image:
    name: Build Docker Image and Helm Charts
    runs-on: ubuntu-latest
    needs: [ validate_commit ]
    if: ${{ always() && (needs.validate_commit.result == 'success' || needs.validate_commit.result == 'skipped') }}
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with: 
          fetch-depth: 0
      
      - name: Log in to the Container registry
        uses: docker/login-action@v3.2.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Get project version
        uses: SneaksAndData/github-actions/generate_version@v0.1.6
        id: version

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}},value=${{steps.version.outputs.version}}
          flavor:
            latest=false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.3.0
        with:
          use: true
          platforms: linux/arm64,linux/amd64

      - name: Build and push Docker image
        uses: docker/build-push-action@v5.3.0
        with:
          context: .
          file: .container/Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/arm64,linux/amd64

      - name: Build and Push Chart
        uses: SneaksAndData/github-actions/build_helm_chart@v0.1.8
        with:
          application: arcane-operator
          app_version: ${{ steps.meta.outputs.version }}
          container_registry_user: ${{ github.actor }}
          container_registry_token: ${{ secrets.GITHUB_TOKEN }}
          container_registry_address: ghcr.io/sneaksanddata/

      # AWS ECR Public Registry related steps
      - name: Import AWS Secrets
        uses: hashicorp/vault-action@v2.7.3
        if: ${{ startsWith(github.ref, 'refs/tags') }}
        with:
          url: https://hashicorp-vault.awsp.sneaksanddata.com/
          role: github
          method: jwt
          secrets: |
            /secret/data/common/package-publishing/aws-ecr-public/production/container-user-public access_key | ACCESS_KEY ;
            /secret/data/common/package-publishing/aws-ecr-public/production/container-user-public access_key_id | ACCESS_KEY_ID ;
        id: aws_secrets

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4.0.0
        if: ${{ startsWith(github.ref, 'refs/tags') }}
        with:
          aws-access-key-id: ${{ env.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.ACCESS_KEY }}
          aws-region: us-east-1

      - name: Login to Amazon ECR Public
        if: ${{ startsWith(github.ref, 'refs/tags') }}
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public

      - name: Push image to ECR Public registry
        if: ${{ startsWith(github.ref, 'refs/tags') }}
        uses: akhilerm/tag-push-action@v2.1.0
        with:
          src: ${{ steps.meta.outputs.tags }}
          dst: public.ecr.aws/s0t1h2z6/arcane/${{ github.event.repository.name }}:${{ steps.meta.outputs.version }}
      # END AWS ECR Registry related steps