.github/workflows/build.yml

name: Test, Build and Deploy wasm-oidc-plugin

on:
  push:
    branches:
      - main

env:
  CARGO_TERM_COLOR: always

jobs:
  cargo-deny:
    runs-on: ubuntu-latest
    container:
      image: antonengelhardt/rust-docker-tools
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Rust version
        run: rustc --version && cargo --version

      - name: Cargo Deny
        uses: EmbarkStudios/cargo-deny-action@v1

  clippy:
    runs-on: ubuntu-latest
    container:
      image: antonengelhardt/rust-docker-tools
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up cargo cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Rust version
        run: rustc --version && cargo --version

      - name: Clippy
        run: cargo clippy --release --all-targets --target=wasm32-wasi -- -D warnings

  fmt:
    runs-on: ubuntu-latest
    container:
      image: antonengelhardt/rust-docker-tools
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Rust version
        run: rustc --version && cargo --version

      - name: Fmt
        run: cargo fmt -- --check

  test:
    runs-on: ubuntu-latest
    container:
      image: antonengelhardt/rust-docker-tools
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up cargo cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Rust version
        run: rustc --version && cargo --version

      - name: Test
        run: cargo test --workspace

  build:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/antonengelhardt/rust-docker-tools
    needs: [cargo-deny, clippy, fmt, test]

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up cargo cache
        uses: actions/cache@v4
        with:
          path: |
            ~/.cargo/bin/
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
            target/
          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

      - name: Build wasm-oidc-plugin
        run: |
          cargo build --target wasm32-wasi --release

      - name: Upload plugin as artifact
        uses: actions/upload-artifact@v2
        with:
          name: plugin
          path: target/wasm32-wasi/release/wasm_oidc_plugin.wasm

  docker-image:
    needs: [cargo-deny, clippy, fmt, test]
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Login
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Pull previous image to cache
        run: docker pull antonengelhardt/wasm-oidc-plugin:latest

      - name: Push to Docker Hub
        uses: docker/build-push-action@v2
        with:
          context: .
          push: true
          tags: antonengelhardt/wasm-oidc-plugin:latest

  ghcr-image:
    runs-on: ubuntu-latest
    needs: [cargo-deny, clippy, fmt, test]
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Login
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Push to GHCR
        run: |
          docker pull ghcr.io/antonengelhardt/wasm-oidc-plugin:latest # Pull the image to cache
          docker build -t ghcr.io/antonengelhardt/wasm-oidc-plugin:latest .
          docker push ghcr.io/antonengelhardt/wasm-oidc-plugin:latest

  deploy-demo:
    needs: ghcr-image
    environment: demo
    runs-on: ubuntu-latest
    steps:
      - uses: actions-hub/kubectl@master
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        with:
          args: rollout restart deployment wasm-oidc-plugin -n wasm-oidc-plugin

  trigger-release:
    needs: [docker-image, ghcr-image]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          ssh-key: ${{ secrets.RELEASE_DEPLOY_KEY }}

      - name: Exit if latest commit is release commit
        run: |
          if git log -1 --pretty=%B | grep -q "chore(release): prepare for"; then
            echo "Latest commit is a release commit, exiting..."
            exit 0
          fi

      - name: Get most recent merged PR and calculate the next tag
        id: get_pr
        run: |
          MOST_RECENTLY_MERGED_PR=$(curl -s -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/antonengelhardt/wasm-oidc-plugin/pulls?state=closed" | \
          jq '[.[] | select(.merged_at != null)] | max_by(.merged_at)')
          PR_NUMBER=$(echo $MOST_RECENTLY_MERGED_PR | jq -r '.number')

          LABELS=$(curl -s -H 'Accept: application/vnd.github.v3+json' "https://api.github.com/repos/antonengelhardt/wasm-oidc-plugin/issues/$PR_NUMBER" | jq -r '.labels[].name')

          # Set SEMVER_BUMP based on the presence of labels
          if [[ $LABELS == *"major"* ]]; then
            SEMVER_BUMP="major"
          elif [[ $LABELS == *"minor"* ]]; then
            SEMVER_BUMP="minor"
          elif [[ $LABELS == *"bug"* ]]; then
            SEMVER_BUMP="patch"
          elif [[ $LABELS == *"patch"* ]]; then
            SEMVER_BUMP="patch"
          else
            SEMVER_BUMP="none"
            exit 0 # exit if no labels are found, which means no version bump is required
          fi

          # Output the SEMVER_BUMP value
          echo "SEMVER_BUMP is set to: $SEMVER_BUMP"

          # LATEST_TAG=$(git describe --tags --abbrev=0)
          LATEST_TAG=$(curl "https://api.github.com/repos/antonengelhardt/wasm-oidc-plugin/tags" | jq -r '.[0].name')

          # Function to bump version numbers
          bump_version() {
              local IFS=.
              local -a parts=($1)

              case "$2" in
                  major)
                      ((parts[0]++))
                      parts[1]=0
                      parts[2]=0
                      ;;
                  minor)
                      ((parts[1]++))
                      parts[2]=0
                      ;;
                  patch)
                      ((parts[2]++))
                      ;;
                  *)
                      echo "Error: Unknown version bump type '$2'"
                      exit 1
                      ;;
              esac

              echo "${parts[0]}.${parts[1]}.${parts[2]}"
          }

          current_version=${LATEST_TAG:1}

          # Bump the version based on the SEMVER_BUMP
          new_version=$(bump_version "$current_version" "$SEMVER_BUMP")

          # Append 'v' prefix if required to maintain the same version format
          NEW_TAG="v$new_version"

          echo "New tag after bump is: $NEW_TAG"

          echo "NEW_TAG=$NEW_TAG" >> $GITHUB_ENV

      - name: Create a tag on main
        run: |
          git checkout origin/main

          git config user.email "github-actions[bot]@users.noreply.github.com"
          git config user.name "github-actions[bot]"

          git tag ${{ env.NEW_TAG }}

          git push origin ${{ env.NEW_TAG }}