.github/workflows/demo-deploy-action.yml

name: 'Demo-Deploy'

on:
 workflow_dispatch:

jobs:
  get-e2e-files:
    runs-on: ubuntu-24.04
    outputs:
      file_list: ${{ steps.generate-file-list.outputs.file_list }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Generate file list
        id: generate-file-list
        run: |
          FILES=$(ls frontend/cypress/e2e | jq -R . | jq -s . | jq -c)
          echo $FILES
          echo "file_list=$FILES" >> $GITHUB_OUTPUT

  read-version:
    runs-on: ubuntu-24.04
    outputs:
      okr-docker-image:  ${{ vars.NEW_VALUE_URL }}:${{ steps.store-version.outputs.version}}-DEMO
    steps:
      - uses: actions/checkout@v4

      - name: Extract Maven project version
        run: echo "version=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec)" >> $GITHUB_OUTPUT
        id: store-version

  build-docker-image:
    needs: read-version
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK ${{vars.JAVA_VERSION}}
        uses: actions/setup-java@v4
        with:
          java-version: ${{vars.JAVA_VERSION}}
          distribution: 'adopt'

      - name: Set up node ${{vars.NODE_VERSION}}
        uses: actions/setup-node@v4
        with:
          node-version: ${{vars.NODE_VERSION}}

      - name: Install Dependencies
        run: cd ./frontend && npm ci

      - name: Build frontend with Angular
        run: cd ./frontend && npm run build

      - name: Build backend with Maven
        run: mvn -B clean package --file pom.xml -P build-for-docker

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build the docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: docker/Dockerfile
          tags: ${{ needs.read-version.outputs.okr-docker-image}}
          load: true
          push: false
          outputs: type=docker,dest=/tmp/okr-docker-image.tar

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: okr-image
          path: /tmp/okr-docker-image.tar

  e2e-docker:
    runs-on: ubuntu-24.04
    needs: [build-docker-image, read-version, get-e2e-files]
    strategy:
      fail-fast: false
      matrix:
        file: ${{ fromJSON(needs.get-e2e-files.outputs.file_list) }}
    steps:
      - uses: actions/checkout@v4

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: okr-image
          path: /tmp

      - name: Load image
        run: docker load --input /tmp/okr-docker-image.tar

      - name: Run keyloak server
        run: cd docker && docker compose up -d keycloak-pitc

      - name: run Springboot okr application
        run: |
          docker run --network=host \
          -e SPRING_PROFILES_ACTIVE=integration-test \
          ${{ needs.read-version.outputs.okr-docker-image}} &

      - name: Cypress run e2e tests
        uses: cypress-io/github-action@v6
        with:
          build: npm i -D cypress
          working-directory: frontend
          install: false
          wait-on: 'http://pitc.okr.localhost:8080/config, http://localhost:8544'
          wait-on-timeout: 120
          browser: chrome
          headed: false
          config: baseUrl=http://pitc.okr.localhost:8080
          spec: cypress/e2e/${{ matrix.file }}

      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: cypress-screenshots for ${{ matrix.file }}
          path: frontend/cypress/screenshots

  upload-to-quay:
    runs-on: ubuntu-latest
    needs: [e2e-docker, read-version]
    steps:
      - uses: actions/checkout@v4

      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: okr-image
          path: /tmp

      - name: Load image
        run: docker load --input /tmp/okr-docker-image.tar

      - name: show images
        run: docker image ls -a

      - name: Log in to Quay registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.QUAY_REGISTRY }}
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_TOKEN }}

      - name: Push
        run: docker push ${{ needs.read-version.outputs.okr-docker-image}}

      - name: Install yq
        shell: bash
        env:
          VERSION: v4.25.2
          BINARY: yq_linux_amd64
        run: |
          wget -q https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - |\
          tar xz && mv ${BINARY} /usr/local/bin/yq

      - name: Update YAML file
        shell: bash
        env:
          COMMITPREFIX: '[CTS]'
        run: |
          curl -s --header "PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}?ref=${{vars.TARGET_GITLAB_REFERENCE}}" -H "Accept: application/json" -H "Content-Type: application/json" | jq -r '.content' | base64 --decode > response.yaml
          yq -i "${{vars.YAML_PATH}} = \"${{needs.read-version.outputs.okr-docker-image}}\"" response.yaml
          UPDATED_CONTENT=$(cat response.yaml)
          curl --request PUT --header 'PRIVATE-TOKEN: ${{secrets.GITLAB_ACCESS_TOKEN}}' -F "branch=${{vars.TARGET_GITLAB_REFERENCE}}" -F "author_email=actions@gitlab.com" -F "author_name=GitLab Actions" -F "content=${UPDATED_CONTENT}" -F "commit_message=$COMMITPREFIX Automated changes to ${{vars.FILEPATH_COMMIT}}" "${{vars.TARGET_GITLAB_REPOSITORY}}/files/${{vars.GITLAB_FILEPATH}}"

  generate-and-push-sbom:
    runs-on: ubuntu-latest
    needs: [upload-to-quay]
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Install cdxgen
        working-directory: frontend
        run: npm install -g @cyclonedx/cdxgen@8.6.0

      - name: 'Generate SBOM for maven dependencies'
        working-directory: backend
        run: mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom

      - name: 'Generate SBOM for npm dependencies'
        working-directory: frontend
        run: cdxgen -o ../sbom-npm.xml -t npm .

      - name: 'Merge frontend and backend SBOMs'
        run: |
          docker run --rm -v $(pwd):/data cyclonedx/cyclonedx-cli merge --input-files data/backend/target/bom.xml data/sbom-npm.xml --output-file data/sbom.xml

      - name: 'Push merged SBOM to dependency track'
        env:
          PROJECT_NAME: okr-demo
        run: |
          curl --verbose -s --location --request POST ${{ secrets.DEPENDENCY_TRACK_URL }} \
          --header "X-Api-Key: ${{ secrets.SECRET_OWASP_DT_KEY }}" \
          --header "Content-Type: multipart/form-data" \
          --form "autoCreate=true" \
          --form "projectName=${PROJECT_NAME:-$GITHUB_REPOSITORY}" \
          --form "projectVersion=latest" \
          --form "bom=@sbom.xml"