.github/workflows/workflow_pr.yml

name: "[Workflow] Pull Request Path"

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}

on:
  pull_request:
    branches:
      - main

permissions:
  actions: read
  checks: read
  contents: write
  deployments: none
  issues: none
  packages: none
  pull-requests: write
  repository-projects: none
  security-events: write
  statuses: none

defaults:
 run:
  shell: bash

jobs:
  pr_label:
    runs-on: ubuntu-latest
    name: Label PR
    steps:
      - uses: actions/labeler@main
        with:
          configuration-path: ".github/labeller.yml"
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          sync-labels: true

  branch_name:
    name: "Generate a safe branch name"
    uses: ministryofjustice/opg-github-workflows/.github/workflows/data-parse-branch-name.yml@main

  set_variables:
    name: output workflow variables
    runs-on: ubuntu-latest
    outputs:
      environment_terraform_version: ${{ steps.terraform_version_environment.outputs.version }}
      semver_tag: ${{ steps.semver_tag.outputs.created_tag }}
    steps:
      - name: Set terraform version - environment
        id: terraform_version_environment
        uses: ministryofjustice/opg-github-actions/.github/actions/terraform-version@v3.0.6
        with:
          terraform_directory: "./terraform/environment"
      - name: "Semver tag"
        id: semver_tag
        uses: ministryofjustice/opg-github-actions/.github/actions/semver-tag@v3.0.6
        with:
          prerelease: true
          with_v: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

  terraform_environment_lint:
    name: Terraform - Environment - Lint
    needs:
      - set_variables
    uses: ministryofjustice/opg-github-workflows/.github/workflows/linting-infrastructure-terraform.yml@v3.1.0
    with:
      terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
      tflint_check: false
      directory: "./terraform/environment"

  python_unit_tests:
    name: Python Unit Tests
    needs:
      - set_variables
    uses: ./.github/workflows/_python_unit_tests.yml

  docker_build_scan_push:
    name: Build, Scan and Push
    needs:
      - set_variables
      - python_unit_tests
      - terraform_environment_lint
    uses: ./.github/workflows/_docker_build_scan_push.yml
    with:
      semver_tag: ${{ needs.set_variables.outputs.semver_tag }}
    secrets: inherit # pragma: allowlist secret

  ephemeral_environment:
    name: Create Ephemeral Environment
    uses: ministryofjustice/opg-github-workflows/.github/workflows/build-infrastructure-terraform.yml@v3.1.0
    needs:
      - set_variables
      - docker_build_scan_push
      - branch_name
    with:
      terraform_version: ${{ needs.set_variables.outputs.environment_terraform_version }}
      terraform_directory: "./terraform/environment"
      terraform_workspace: ${{ github.event.pull_request.number }}${{ needs.branch_name.outputs.safe }}
      is_ephemeral: true
      workspace_manager_aws_account_id: "288342028542"
      workspace_manager_aws_iam_role: integrations-ci
      terraform_apply: true
      terraform_variables: "-var=lambda_image_uri=${{ needs.docker_build_scan_push.outputs.ecr_image_uri }}"
    secrets:
      GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      AWS_ACCESS_KEY_ID_ACTIONS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
      AWS_SECRET_ACCESS_KEY_ACTIONS: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
      PAGERDUTY_TOKEN: ""

  get_terraform_output:
    name: Get Terraform Outputs
    runs-on: ubuntu-latest
    needs:
      - ephemeral_environment
    outputs:
      data_lpa_api_url: ${{ steps.data_lpa_api_url.outputs.data_lpa_api_url }}
    steps:
      - name: Set Data LPA API URL
        id: data_lpa_api_url
        run: |
          data_lpa_api_url=$(echo -e ${{ needs.ephemeral_environment.outputs.terraform_output_as_json }} | jq -r '.api_gateway_url.value')
          echo data_lpa_api_url=${data_lpa_api_url} >> $GITHUB_OUTPUT

  integration_tests:
    name: Run Integration Tests on Ephemeral Environment
    needs:
      - ephemeral_environment
      - get_terraform_output
    uses: ./.github/workflows/_integration_tests.yml
    with:
      data_lpa_api_url: "https://${{ needs.get_terraform_output.outputs.data_lpa_api_url }}/v1"
      working_directory: "./integration_tests"
      tests_directory: "./integration_tests/v1"
    secrets: inherit # pragma: allowlist secret