ci.yml

name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

permissions:
  contents: read

jobs:
  tests-unit:
    name: Unit Tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        id: setup-node
        uses: actions/setup-node@v4
        with:
          node-version-file: .node-version
          cache: npm

      - name: Install Dependencies
        id: npm-ci
        run: npm ci

      - name: Lint
        id: npm-lint
        run: npm run lint

      - name: Test
        id: npm-test
        run: npm run test

  tests-live:
    permissions:
      contents: read
      id-token: write

    name: Live Tests
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        id: setup-node
        uses: actions/setup-node@v4
        with:
          node-version-file: .node-version
          cache: npm

      - name: Install Dependencies
        id: npm-ci
        run: npm ci

      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Run Live Tests
        run: npm run test:live
        env:
          LIVETEST_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          LIVETEST_RESOURCE_GROUP: azure-bicep-deploy-ci

  tests-action:
    permissions:
      contents: read
      id-token: write

    name: Actions Tests
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - windows-latest
          - ubuntu-latest
          - macos-latest

    concurrency:
      # Stacks are stateful - avoid modifying the same Stack concurrently
      group: ${{ matrix.os }}

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4

      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Test Deployment - Validate
        uses: ./
        with:
          type: deployment
          operation: validate
          name: ci-deploy-${{ matrix.os }}
          scope: resourceGroup
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource-group-name: azure-bicep-deploy-ci
          parameters-file: test/files/basic/main.bicepparam

      - name: Test Deployment - WhatIf
        uses: ./
        with:
          type: deployment
          operation: whatIf
          name: ci-deploy-${{ matrix.os }}
          scope: resourceGroup
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource-group-name: azure-bicep-deploy-ci
          parameters-file: test/files/basic/main.bicepparam

      - name: Test Deployment - Deploy
        uses: ./
        with:
          type: deployment
          operation: create
          name: ci-deploy-${{ matrix.os }}
          scope: resourceGroup
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource-group-name: azure-bicep-deploy-ci
          parameters-file: test/files/basic/main.bicepparam

      - name: Test Local Action (Stack)
        uses: ./
        with:
          type: deploymentStack
          operation: create
          name: ci-stack-${{ matrix.os }}
          scope: resourceGroup
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          resource-group-name: azure-bicep-deploy-ci
          parameters-file: test/files/basic/main.bicepparam
          action-on-unmanage-resources: delete
          deny-settings-mode: denyDelete