lint-test.yml

---
# Lint the code base and launch unit test at each push or pull request
name: Lint and test
on: # yamllint disable-line rule:truthy
  push:
    # execute when pushing only branches, not tags
    branches:
      - "**"
      # avoid infinite loop for auto created PRs
      - "!update/pre-commit-*"
    tags:
      - "**"
  workflow_dispatch:

# cancel previous build if several pushes
concurrency:
  group: |
    ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  # Apply linter fixes configuration
  # When active, APPLY_FIXES must also be defined as
  # environment variable (in github/workflows/mega-linter.yml
  # or other CI tool)
  APPLY_FIXES: all
  # Decide which event triggers application of fixes in a
  # commit or a PR (pull_request, push, all)
  APPLY_FIXES_EVENT: all
  # If APPLY_FIXES is used, defines if the fixes are
  # directly committed (commit) or posted in a PR (pull_request)
  APPLY_FIXES_MODE: pull_request
  # variables to compute complex conditions
  COND_UPDATED_SOURCES: false
  COND_APPLY_FIXES_NEEDED: false

jobs:
  # -------------------------------------------------------
  # Build bash docker images
  # -------------------------------------------------------
  build-bash-docker-images:
    runs-on: ubuntu-22.04
    permissions:
      # needed by ouzi-dev/commit-status-updater@v2
      statuses: write
    strategy:
      fail-fast: true
      matrix:
        vendor:
          - ubuntu
          - alpine
        bashTarVersion:
          - "4.4"
          - "5.0"
          - "5.3"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # overall process
      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: build-bash-tools
          status: pending

      - name: Set env vars
        id: vars
        # shellcheck disable=SC2129
        run: |
          (
            echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
            echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
            echo "image_name=scrasnups/build"
            echo "branch_name=${GITHUB_REF##*/}"
            if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then
              echo "bashImage=ubuntu:20.04"
            else
              echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19"
            fi
          ) >> "${GITHUB_ENV}"
      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: build-${{ env.image_tag }}
          status: pending

      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{env.image_name}}
          # generate Docker tags based on the following events/attributes
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - uses: docker/build-push-action@v5
        continue-on-error: false
        with:
          load: true
          context: .docker
          file: .docker/Dockerfile.${{ matrix.vendor }}
          pull: true
          github-token: ${{ github.token }}
          tags: |
            ${{ env.image_name }}:${{ env.image_tag }}
          build-args: |
            BASH_IMAGE: "${{ env.bashImage }}"
            BASH_TAR_VERSION: "${{ matrix.bashTarVersion }}"
          cache-from: type=gha,scope=${{ env.image_tag }}
          cache-to: type=gha,mode=max,scope=${{ env.image_tag }}
      - name: Check image
        continue-on-error: false
        run: |
          docker run --rm "${{ env.image_name }}:${{ env.image_tag }}" bash --version
      - uses: docker/build-push-action@v5
        continue-on-error: false
        with:
          load: true
          context: .docker
          file: .docker/Dockerfile.${{ matrix.vendor }}
          push: true
          github-token: ${{ github.token }}
          tags: |
            ${{ env.image_name }}:${{ env.image_tag }}
            ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-to: type=gha,mode=max,scope=${{ env.image_tag }}

      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: build-${{ env.image_tag }}
          status: ${{ job.status }}

  # -------------------------------------------------------
  # Pre-commit
  # -------------------------------------------------------

  pre-commit:
    runs-on: ubuntu-22.04
    needs: [build-bash-docker-images]
    permissions:
      # needed by ouzi-dev/commit-status-updater@v2
      statuses: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - uses: crazy-max/ghaction-import-gpg@v6
        if: ${{ success() }}
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - uses: tibdex/github-app-token@v2
        if: ${{ success() }}
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: pre-commit-megalinter
          status: pending

      - name: Set env vars
        id: vars
        # shellcheck disable=SC2129
        run: |
          (
            echo "branch_name=${GITHUB_REF##*/}"
          ) >> "${GITHUB_ENV}"

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: 3.9

      - uses: fchastanet/github-action-setup-shfmt@v4.0.0

      - name: Install requirements
        run: |
          set -exo pipefail

          bin/installRequirements

      - name: Run pre-commit
        uses: pre-commit/action@v3.0.1
        id: preCommit
        with:
          extra_args: >-
            -c .pre-commit-config-github.yaml -a --hook-stage manual

      - name: MegaLinter
        id: ml
        if: ${{ !cancelled() }}
        # You can override MegaLinter flavor used to have faster performances
        # More info at https://megalinter.io/latest/flavors/
        uses: oxsecurity/megalinter/flavors/terraform@v8
        # All available variables are described in documentation
        # https://megalinter.io/latest/config-file/
        env:
          # Validates all source when push on master,
          # else just the git diff with master.
          # Override with true if you always want to lint all sources
          VALIDATE_ALL_CODEBASE: true
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MEGALINTER_CONFIG: .mega-linter-githubAction.yml
          CI_MODE: 1

      - name: Upload MegaLinter artifacts
        if: success() || failure()
        uses: actions/upload-artifact@v4
        with:
          name: MegaLinter reports
          path: |
            megalinter-reports
            mega-linter.log

      - name: MegaLinter/Precommit has updated sources
        if: >
          steps.preCommit.outcome == 'failure' || (
            steps.ml.outputs.has_updated_sources == 1 && (
              env.APPLY_FIXES_EVENT == 'all' ||
              env.APPLY_FIXES_EVENT == github.event_name
            )
          )
        run: |
          echo "COND_UPDATED_SOURCES=true" >> "${GITHUB_ENV}"

      - name: is apply fixes needed ?
        if: >
          env.APPLY_FIXES_MODE == 'pull_request' && (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name ==
            github.repository
          )
        run: |
          echo "COND_APPLY_FIXES_NEEDED=true" >> "${GITHUB_ENV}"

      - name: Create Pull Request
        id: cpr
        # prettier-ignore
        if: >
          env.COND_UPDATED_SOURCES == 'true' &&
          env.COND_APPLY_FIXES_NEEDED == 'true' &&
          !contains(github.event.head_commit.message, 'skip fix')
        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ steps.generate-token.outputs.token }}
          committer: fchastanet <fchastanet@gmail.com>
          branch: update/pre-commit-fixes-${{ env.branch_name }}
          delete-branch: true
          title: lint fixes
          commit-message: Auto-update lint fixes
          body: |
            some auto fixes have been generated during pre-commit run
          labels: pre-commit-fixes

      - name: Print Pull request created
        if: |
          steps.cpr.outputs.pull-request-number &&
          steps.cpr.outcome == 'success'
        run: |
          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"

      - uses: ouzi-dev/commit-status-updater@v2
        if: ${{ always() }}
        with:
          name: pre-commit-megalinter
          status: ${{ job.status }}

  # -------------------------------------------------------
  # Unit tests
  # -------------------------------------------------------

  unit-tests:
    runs-on: ubuntu-22.04
    needs: [build-bash-docker-images]
    permissions:
      # needed by ouzi-dev/commit-status-updater@v2
      statuses: write
      # needed by mikepenz/action-junit-report@v4
      checks: write
    strategy:
      fail-fast: true
      matrix:
        vendor:
          - ubuntu
          - alpine
        bashTarVersion:
          - "4.4"
          - "5.0"
          - "5.3"
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - uses: crazy-max/ghaction-import-gpg@v6
        if: ${{ success() }}
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_commit_gpgsign: true

      - uses: tibdex/github-app-token@v2
        if: ${{ success() }}
        id: generate-token
        with:
          app_id: ${{ secrets.APP_ID }}
          private_key: ${{ secrets.APP_PRIVATE_KEY }}

      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}}
          status: pending

      - name: Set env vars
        id: vars
        # shellcheck disable=SC2129
        run: |
          (
            echo "job_tag=${{github.run_id}}-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
            echo "image_tag=bash-tools-${{matrix.vendor}}-${{matrix.bashTarVersion}}"
            echo "image_name=scrasnups/build"
            echo "branch_name=${GITHUB_REF##*/}"
            if [[ "${{ matrix.vendor }}" = "ubuntu" ]]; then
              echo "bashImage=ubuntu:20.04"
              echo "batsOptions=-j 30"
            else
              echo "bashImage=amd64/bash:${{ matrix.bashTarVersion }}-alpine3.19"
              echo "batsOptions=-j 30 --filter-tags '!ubuntu_only'"
            fi
          ) >> "${GITHUB_ENV}"

      - name: run unit tests
        id: unitTests
        run: |
          set -exo pipefail

          bin/installRequirements

          chmod 777 logs

          docker pull "scrasnups/build:${{env.image_tag}}"

          status=0
          docker run --rm \
            -e KEEP_TEMP_FILES=0 \
            -e BATS_FIX_TEST=0 \
            -e USER_ID="1000" \
            -e GROUP_ID="1000" \
            --user "www-data:www-data" \
            -w /bash \
            -v "$(pwd):/bash" \
            "scrasnups/build:${{env.image_tag}}" \
              /bash/vendor/bats/bin/bats \
              ${{env.batsOptions}} \
              --formatter junit -o logs -r src 2>&1 |
            tee "logs/bats-${{ env.job_tag }}.log" || status=$?

          awk '/xml version="1.0"/{flag=1} flag; /<\/testsuites>/{flag=0}' \
            "logs/bats-${{ env.job_tag }}.log" >"logs/junit-${{ env.job_tag }}.xml"
          exit "${status}"

      - name: Publish Test Report
        uses: mikepenz/action-junit-report@v5
        if: ${{ always() }}
        with:
          token: ${{ github.token }}
          check_name: JUnit ${{ env.image_tag }}
          fail_on_failure: true
          require_tests: true
          require_passed_tests: true
          report_paths: "logs/**.xml"

      - name: Upload Test Results
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: Test Results ${{ env.image_tag }}
          path: |
            logs/**

      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: unit-tests-${{matrix.vendor}}-${{matrix.bashTarVersion}}
          status: ${{ job.status }}

  overallTestResults:
    name: "Overall Tests Results"
    if: ${{ always() }}
    needs: [unit-tests]
    runs-on: ubuntu-22.04
    permissions:
      # needed by ouzi-dev/commit-status-updater@v2
      statuses: write

    steps:
      # run this action to get the workflow conclusion
      # You can get the conclusion via env (env.WORKFLOW_CONCLUSION)
      - uses: AbsoLouie/workflow-conclusion-status@v1.0.2

      - uses: ouzi-dev/commit-status-updater@v2
        with:
          name: build-bash-tools
          # neutral, success, skipped, cancelled, timed_out, action_required, failure
          status: ${{ env.WORKFLOW_CONCLUSION }}