ci.yml

name: ci

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
    branches:
      - 'main'

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  e2e-tests:
    name: E2E Tests (${{ matrix.e2e-runtime }})
    runs-on: steadybit_runner_ubuntu_latest_4cores_16GB
    timeout-minutes: 60
    strategy:
      fail-fast: false
      matrix:
        e2e-runtime: ['docker', 'containerd', 'cri-o']
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Remove non-semver tags (from helmchart) for goreleaser to work properly
        run: |
          git tag -d $(git tag -l | grep -v "^v[0-9]*.[0-9]*.[0-9]*")

      - uses: actions/setup-go@v5
        with:
          go-version: '1.23'

      - name: Enable KVM group perms
        run: |
          echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
          sudo udevadm control --reload-rules
          sudo udevadm trigger --name-match=kvm
          sudo apt-get update
          sudo apt-get install -y libvirt-clients libvirt-daemon-system libvirt-daemon virtinst bridge-utils qemu qemu-system-x86
          sudo usermod -a -G kvm,libvirt $USER

      - name: Audit
        run: |
          make prepare_audit
          go mod download
          echo 'exec in a new sell for the group change to take effect'
          sudo -u $USER env "PATH=$PATH" "E2E_RUNTIMES=${{ matrix.e2e-runtime }}"  make e2e-test

      - name: Upload test coverage
        uses: actions/upload-artifact@v4
        with:
          name: e2e-coverage-${{ matrix.e2e-runtime }}
          path: e2e/e2e-coverage-*.out
          if-no-files-found: error
          retention-days: 3

  extension-ci:
    uses: steadybit/extension-kit/.github/workflows/reusable-extension-ci.yml@main
    needs: [e2e-tests]
    with:
      go_version: '1.23'
      build_linux_packages: true
      VERSION_BUMPER_APPID: ${{ vars.GH_APP_STEADYBIT_APP_ID }}
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      PAT_TOKEN_EXTENSION_DEPLOYER: ${{ secrets.PAT_TOKEN_EXTENSION_DEPLOYER }}
      MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
      MAVEN_GPG_PRIVATE_KEY_PASSWORD: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSWORD }}
      PAT_TOKEN_GORELEASER: ${{ secrets.PAT_TOKEN }}
      STEADYBIT_ARTIFACT_SERVER_USERNAME: ${{ secrets.STEADYBIT_ARTIFACT_SERVER_USERNAME }}
      STEADYBIT_ARTIFACT_SERVER_PASSWORD: ${{ secrets.STEADYBIT_ARTIFACT_SERVER_PASSWORD }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      VERSION_BUMPER_SECRET: ${{ secrets.GH_APP_STEADYBIT_PRIVATE_KEY }}
      GCP_ARTIFACT_REGISTRY_IDENTITY_PROVIDER: ${{ secrets.GCP_ARTIFACT_REGISTRY_IDENTITY_PROVIDER }}