.github/workflows/ci.yaml

name: CI - CD
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  validations:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - uses: bahmutov/npm-install@v1
      - name: Build back
        run: cd api && yarn build
      - name: Fullcheck
        run: yarn fullcheck
#
  check_if_version_upgraded:
    name: Check if version upgrade
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    needs: validations
    outputs:
      from_version: ${{ steps.step1.outputs.from_version }}
      to_version: ${{ steps.step1.outputs.to_version }}
      is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
    steps:
      - uses: garronej/ts-ci@v2.1.0
        id: step1
        with:
          action_name: is_package_json_version_upgraded

  create_tag:
    name: Create version tag
    runs-on: ubuntu-latest
    needs:
      - check_if_version_upgraded
    if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Create tag
        run: |
          git config --local user.email "actions@github.com"
          git config --local user.name "GitHub Actions"
          git tag -a v${{ needs.check_if_version_upgraded.outputs.to_version }} -m "Deployment tag for v${{ needs.check_if_version_upgraded.outputs.to_version }}"
          git push --tags
          

  pre-release:
    runs-on: ubuntu-latest
    needs:
      - check_if_version_upgraded
      - create_tag
    env:
      TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - name: Keycloakify
        run: npx keycloakify
        env:
          XDG_CACHE_HOME: "/home/runner/.cache/yarn"
      - name: Get tag of latest release
        id: get-latest-release-tag
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const latestRelease = await github.request(`GET /repos/${{ github.repository }}/releases/latest`)
            return latestRelease.data.tag_name
          result-encoding: string
      - name: "Generate release candidate on github"
        uses: softprops/action-gh-release@v2
        with:
          name: Release candidate v${{ env.TO_VERSION }}-rc
          prerelease: true
          tag_name: v${{ env.TO_VERSION }}-rc
          target_commitish: ${{ steps.get-latest-release-tag.outputs.name }}
          generate_release_notes: true
          files: |
            retrocompat-keycloak-theme.jar
            keycloak-theme.jar
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  docker:
    runs-on: ubuntu-latest
    needs:
     - check_if_version_upgraded
     - create_tag
     - pre-release
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Computing Docker image tags
        id: step1
        env:
          TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
        run: |
          OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest
          OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}')
          echo ::set-output name=docker_api_tags::$OUT_API

          OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest
          OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}')
          echo ::set-output name=docker_web_tags::$OUT_WEB

      - uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          target: api
          tags: ${{ steps.step1.outputs.docker_api_tags }}
      - uses: docker/build-push-action@v5
        with:
          push: true
          context: .
          target: web
          tags: ${{ steps.step1.outputs.docker_web_tags }}

  poke_gitops:
    name: "Poke gitops"
    runs-on: ubuntu-latest
    needs:
      - docker
    steps:
    - uses: peter-evans/repository-dispatch@v3
      with:
        token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }}
        event-type: update_sill_api
        repository: codegouvfr/paris-sspcloud
    - uses: peter-evans/repository-dispatch@v3
      with:
        token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }}
        event-type: update_sill_web
        repository: codegouvfr/paris-sspcloud

  trigger_production_deploy:
    name: "Trigger production deploy"
    runs-on: ubuntu-latest
    environment: production
#    concurrency:
#      group: deploy-to-production
#      cancel-in-progress: true
#    needs:
#      - docker
#      - poke_gitops
    steps:
    - run: echo "Triggering production deploy"
    - name: Set up SSH
      run: |
        mkdir -p ~/.ssh
        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
        chmod 600 ~/.ssh/id_ed25519
        ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
        ssh -o StrictHostKeyChecking=no web@code.gouv.fr "ls -la websites"
      env:
        SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}


  create_github_release:
    name: "Create release notes"
    runs-on: ubuntu-latest
    needs:
      - trigger_production_deploy
      - check_if_version_upgraded
      - create_tag
    if: |
      needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' &&
      (
        github.event_name == 'push' ||
        needs.check_if_version_upgraded.outputs.is_release_beta == 'true'
      )
#     We create a release only when all of the above are validated:
#     - we are on default branch
#     - version has been upgraded
#     - we have pushed to production
    env:
      TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
    steps:
      - name: Get tag of latest release
        id: get-latest-release-tag
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const latestRelease = await github.request(`GET /repos/${{ github.repository }}/releases/latest`)
            return latestRelease.data.tag_name
          result-encoding: string
      - name: Generate release notes content from latest release
        id: generate-release-notes
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const releaseNotes = await github.request(`POST /repos/${{ github.repository }}/releases/generate-notes`, {
              tag_name: `v${{ env.TO_VERSION }}`,
              previous_tag_name: `${{steps.get-latest-release-tag.outputs.result}}` })
            core.setOutput("name", releaseNotes.data.name);
            core.setOutput("body", releaseNotes.data.body);
      - name: Create release notes on github
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            await github.request(`POST /repos/${{ github.repository }}/releases`, {
              tag_name: `v${{ env.TO_VERSION }}`,
              name: `${{ steps.generate-release-notes.outputs.name }}`,
              body: `${{ steps.generate-release-notes.outputs.body }}`})