tests.yml
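# Reusable workflow (invoked via `workflow_call`) that runs the platform
# integration tests for each architecture/target combination in the matrix.
# Cloud access for GCP, AWS and Azure is set up by the vendors' login actions;
# the job requests `id-token: write` so they can exchange a GitHub OIDC token.
#
# Hardening applied throughout the steps: no `${{ ... }}` expression is
# expanded inside a `run:` script. Expressions are substituted into the script
# text before the shell parses it, so a caller-supplied input (or a secret
# containing shell metacharacters) would otherwise be interpreted as shell
# code. Values are handed over through `env:` and read as quoted variables.
name: tests
on:
  workflow_call:
    inputs:
      # Version string passed to bin/garden-version.
      version:
        type: string
        default: today
      # Suffix appended to the target name when resolving the cname.
      default_modifier:
        type: string
        default: ""
    secrets:
      gcp_identity_provider:
        required: true
      gcp_service_account:
        required: true
      gcp_project:
        required: true
      gcp_region:
        required: true
      gcp_zone:
        required: true
      aws_role:
        required: true
      aws_session:
        required: true
      aws_region:
        required: true
      az_client_id:
        required: true
      az_tenant_id:
        required: true
      az_subscription_id:
        required: true
      ccc_credentials:
        required: true
jobs:
  platform_tests:
    name: platform test
    env:
      gcp_project: ${{ secrets.gcp_project }}
      gcp_region: ${{ secrets.gcp_region }}
      gcp_zone: ${{ secrets.gcp_zone }}
      aws_region: ${{ secrets.aws_region }}
      azure_subscription_id: ${{ secrets.az_subscription_id }}
      AZURE_CONFIG_DIR: /tmp/azure_config_dir
      TARGET_ARCHITECTURE: ${{ matrix.arch }}
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
    permissions:
      # Needed to request the OIDC token used by the cloud login actions.
      id-token: write
      # NOTE(review): the steps visible in this file only pull from ghcr.io.
      # If the per-target test scripts do not push images, `packages: read`
      # would be the least-privilege setting - confirm before tightening.
      packages: write
    environment: oidc_platform_tests
    strategy:
      fail-fast: false
      matrix:
        arch: [ amd64, arm64 ]
        target: [ gcp, aws, azure, ali ]
        modifier: [ "${{ inputs.default_modifier }}" ]
        exclude:
          - arch: arm64
            target: azure
          - arch: arm64
            target: ali
    steps:
      # The version tag in this pin comment was garbled in the listing
      # (rendered as an obfuscated e-mail address); restore it from the
      # release that corresponds to this commit SHA.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@<version>
      - name: login to ghcr.io
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # NOTE(review): the user name is a bare `$` in the source; confirm
        # that this is intended rather than a lost expression.
        run: echo "$GHCR_TOKEN" | podman login ghcr.io -u $ --password-stdin
      - name: pull container image
        run: |
          podman pull "ghcr.io/gardenlinux/gardenlinux/integration-test:$GITHUB_SHA"
          podman tag "ghcr.io/gardenlinux/gardenlinux/integration-test:$GITHUB_SHA" ghcr.io/gardenlinux/gardenlinux/integration-test:today
      - name: set VERSION=${{ inputs.version }}
        env:
          REQUESTED_VERSION: ${{ inputs.version }}
        run: |
          bin/garden-version "$REQUESTED_VERSION" | tee VERSION
          git update-index --assume-unchanged VERSION
      - name: get cname
        env:
          MATRIX_TARGET: ${{ matrix.target }}
          # Derived from the caller-controlled `default_modifier` input.
          MATRIX_MODIFIER: ${{ matrix.modifier }}
          MATRIX_ARCH: ${{ matrix.arch }}
        # The resolved cname is exported to later steps through GITHUB_ENV.
        run: echo "cname=$(./build --resolve-cname "${MATRIX_TARGET}${MATRIX_MODIFIER}-${MATRIX_ARCH}")" | tee -a "$GITHUB_ENV"
      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # pin@v3
        with:
          name: ${{ env.cname }}
          path: /tmp/gardenlinux-build-artifacts
      - run: ls -lah /tmp/gardenlinux-build-artifacts
      - if: ${{ matrix.target == 'gcp' }}
        id: 'auth_gcp'
        name: 'Authenticate to Google Cloud'
        uses: google-github-actions/auth@f6de81663f7788d05bd15bcce18f0e57f23f0846 # pin@v1
        with:
          workload_identity_provider: ${{ secrets.gcp_identity_provider }}
          service_account: ${{ secrets.gcp_service_account }}
          create_credentials_file: true
          cleanup_credentials: true
          export_environment_variables: true
      - if: ${{ matrix.target == 'aws' }}
        id: 'auth_aws'
        name: 'Authenticate to AWS'
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # pin@v4
        with:
          role-to-assume: ${{ secrets.aws_role }}
          role-session-name: ${{ secrets.aws_session }}
          aws-region: ${{ secrets.aws_region }}
      - if: ${{ matrix.target == 'azure' }}
        id: 'auth_azure'
        name: 'Authenticate to Azure'
        uses: azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # pin@v1
        with:
          client-id: ${{ secrets.az_client_id }}
          tenant-id: ${{ secrets.az_tenant_id }}
          subscription-id: ${{ secrets.az_subscription_id }}
      - if: ${{ matrix.target == 'ali' }}
        name: 'Create ali cloud credential file'
        env:
          CCC_CREDENTIALS: ${{ secrets.ccc_credentials }}
        # Writes a long-lived credential file into the workspace; it is not
        # among the paths uploaded below and must stay that way.
        run: base64 -d <<< "$CCC_CREDENTIALS" | .github/workflows/ali_credentials.jq > ali-service-account.json
      - name: start platform test for ${{ matrix.target }}
        env:
          MATRIX_TARGET: ${{ matrix.target }}
        # `cname` comes from GITHUB_ENV (set in "get cname");
        # TARGET_ARCHITECTURE is the job-level copy of matrix.arch.
        run: |
          set -o pipefail
          ".github/workflows/${MATRIX_TARGET}_tests.sh" --arch "$TARGET_ARCHITECTURE" "$cname" 2>&1 | tee "${cname}.integration-tests-log"
      # Secret masking applies to the live job log, not to file contents:
      # anything the test script prints ends up unmasked in this artifact.
      # NOTE(review): confirm the test scripts never echo credentials.
      - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # pin@v3
        with:
          name: tests-${{ env.cname }}
          path: ${{ env.cname }}.integration-tests-log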