.github/workflows/services.yml

on: push
name: Services

env:
  CI: true
  REPOSITORY_NAME: switch-services

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-deployment-matrix.outputs.matrix }}
      matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }}

    defaults:
      run:
        working-directory: components/services

    env:
      PGHOST: localhost
      PGUSER: postgres
      RAILS_ENV: test
      CI: true

    services:
      postgres:
        image: postgres:14
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: ""
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - 5432:5432
        # needed because the postgres container does not provide a healthcheck
        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          working-directory: components/services
          bundler-cache: true

      - name: Run Specs
        run: |
          bundle exec rspec

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

      - name: Set Deployment Matrix
        id: set-deployment-matrix
        run: |
          branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g')
          matrixSource=$(cat << EOF
          [
            {
              "identifier": "switch-services-staging",
              "environment": "staging",
              "branch": "develop",
              "friendly_image_tag": "beta",
              "image_tag": "stag-${{ github.sha }}"
            },
            {
              "identifier": "switch-services",
              "environment": "production",
              "branch": "master",
              "friendly_image_tag": "latest",
              "image_tag": "prod-${{ github.sha }}"
            }
          ]
          EOF
          )
          matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )')
          echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
          echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT

  build-packages:
    name: Build Packages
    runs-on: ubuntu-latest
    if: needs.build.outputs.matrixLength > 0

    strategy:
      matrix: ${{fromJson(needs.build.outputs.matrix)}}

    needs:
      - build

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-skip-session-tagging: true
          role-duration-seconds: 3600
          aws-region: ap-southeast-1

      - name: Build image
        uses: aws-actions/aws-codebuild-run-build@v1
        with:
          project-name: somleng-switch-arm64
          buildspec-override:   |
            version: 0.2
            phases:
              build:
                steps:
                  - name: Build
                    run: |
                      cd components/services
                      aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }}
                      export DOCKER_BUILDKIT=1
                      docker buildx build --cache-from ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 --tag ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 --tag ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-arm64 --push .

  publish_images:
    name: Publish Images
    runs-on: ubuntu-latest

    needs:
      - build
      - build-packages

    strategy:
      matrix: ${{fromJSON(needs.build.outputs.matrix)}}

    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-skip-session-tagging: true
          role-duration-seconds: 3600
          aws-region: ap-southeast-1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.ECR_REGISTRY }}

      - name: Publish Images
        run: |
          docker image pull ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64
          docker tag ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64 ${{ secrets.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64
          docker push ${{ secrets.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64
          docker buildx imagetools create -t ${{ secrets.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }} "${{ secrets.GHCR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-arm64"

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs:
      - build
      - build-packages

    if: needs.build.outputs.matrixLength > 0
    defaults:
      run:
        working-directory: components/services

    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_DEFAULT_REGION: ap-southeast-1

    strategy:
      matrix: ${{fromJson(needs.build.outputs.matrix)}}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        id: aws-login
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-skip-session-tagging: true
          role-duration-seconds: 3600
          aws-region: ap-southeast-1

      - name: Deploy Lambda
        run: |
          aws lambda update-function-code --function-name ${{ matrix.identifier }} \
                                          --image-uri ${{ secrets.ECR_REGISTRY }}/${{ env.REPOSITORY_NAME }}:${{ matrix.image_tag }}-arm64 \
                                          --architectures "arm64" \
                                          --publish

      - name: Create Sentry release
        uses: getsentry/action-release@v1
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: somleng
          SENTRY_PROJECT: somleng-switch-services
        with:
          environment: ${{ matrix.environment }}