.github/workflows/cicd.yml

---
name: CI + CD
on:
  push:
    branches:
      - "**"
env:
  DEV_PORT: 50505
  STAGING_PORT: 50506
  PROD_PORT: 50507
  SONAR_PROJECT_KEY: "bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1"

jobs:
  openapi-linter:
    name: "[OpenAPI] Linter"
    runs-on: kiryuxa-1
    steps:
      - uses: actions/checkout@v1
      - name: Run Spectral Linter
        run: ./tools/scripts/openapi/runLinter.sh

  credentials-check:
    name: "[PR] GitGuardian scan"
    if: false # or in another case, there will be "Error: Server is not responding as expected."
    runs-on: kiryuxa-1
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # fetch all history so multiple commits can be scanned
      - name: GitGuardian scan
        uses: GitGuardian/ggshield-action@v1
        env:
          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

  client-linter:
    name: "[CLIENT] Linter"
    runs-on: kiryuxa-1
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Run linter
        run: ./tools/scripts/client/runLinter.sh

  client-static-analyzer:
    name: "[CLIENT] Static Analyzer"
    runs-on: kiryuxa-2
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Install dependencies
        run: cd ./client && npm install

      - name: Run Static Analyzer
        run: ./tools/scripts/client/runStaticAnalyzer.sh

  server-linter:
    name: "[SERVER] Linter"
    runs-on: kiryuxa-2
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run linter
        run: ./tools/scripts/server/runLinter.sh

  server-static-analyzer:
    name: "[SERVER] Static Analyzer"
    runs-on: kiryuxa-2
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"

      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Run static analyzer
        run: ./tools/scripts/server/runStaticAnalyzer.sh
  server-sonarqube:
    name: "[SERVER] Run SonarQube"
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
      - name: Set up JDK 17
        uses: actions/setup-java@v1
        with:
          java-version: 17
      - name: Run sonarqube
        uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_PROJECT_KEY: ${{ env.SONAR_PROJECT_KEY }}

      - name: Wait for quality gate result
        run: sleep 5

      - uses: phwt/sonarqube-quality-gate-action@v1
        id: quality-gate-check
        with:
          sonar-project-key: "bas-kirill_muse-project_c40bc999-8826-433b-bb84-8871688b1ab1"
          sonar-host-url: ${{ secrets.SONAR_HOST_URL }}
          sonar-token: ${{ secrets.SONAR_TOKEN }}
          github-token: ${{ secrets.GH_TOKEN }}

      - name: Output result
        run: |
          echo "${{ steps.quality-gate-result.outputs.project-status }}"
          echo "${{ steps.quality-gate-result.outputs.quality-gate-result }}"

  server-unit-tests:
    name: "[SERVER] Unit Tests"
    runs-on: kiryuxa-3
    permissions:
      contents: read
      issues: read
      checks: write
      pull-requests: write
    steps:
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Run Unit Tests
        env:
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
        run: ./tools/scripts/server/runUnitTests.sh
      #      - name: Publish Unit Test Results
      #        if: always()
      #        uses: EnricoMi/publish-unit-test-result-action@v1.9
      #        with:
      #          files: ./**/**/build/test-results/**/*.xml
      #          report_individual_runs: true
      - name: Gather reports
        uses: actions/upload-artifact@v2
        if: always()
        with:
          name: reports
          path: ./**/**/build/reports

  deploy-dev:
    name: "[SERVER] Deploy to Dev"
#    needs:
#      - openapi-linter
#      - client-linter
#      - client-static-analyzer
#      - server-linter
#      - server-static-analyzer
#      - server-unit-tests
#      - server-sonarqube
    runs-on: ubuntu-22.04
    environment:
      name: dev
      url: http://dev.muse.kiryuxa.com
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: myshx
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/setup-node@v4
        with:
          node-version: "20.16.0"
      - name: "Install `Redocly`"
        run: npm i -g @redocly/cli@latest
      - name: Cache npm dependencies
        uses: actions/cache@v2
        with:
          path: '~/.npm'
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-
      - name: Install Dependencies
        run: npm install --prefix client
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.DEPLOY_SERVER_SSH_PRIVATE_KEY }}
          known_hosts: 'just-a-placeholder-so-we-dont-get-errors'
      - name: Adding Known Hosts
        run: ssh-keyscan -H kiryuxa.com >> ~/.ssh/known_hosts
      - name: Deploy at home lab
        run: echo "$(pwd)" && ./tools/scripts/deploy.sh dev
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          MUSE_DOCKER_DEFAULT_CONTEXT: default
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
          CI: false # https://stackoverflow.com/questions/34917977/disable-npm-warnings-as-errors-build-definition-tfs
  deploy-staging:
    name: "[SERVER] Deploy to Staging"
    if: github.event.ref == 'refs/heads/main'
    needs:
      - openapi-linter
      - client-linter
      - client-static-analyzer
      - server-linter
      - server-static-analyzer
      - server-unit-tests
      - server-sonarqube
    runs-on: ubuntu-22.04
    environment:
      name: staging
      url: http://staging.muse.kiryuxa.com
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: myshx
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/setup-node@v4
        with:
          node-version: "20.16.0"
      - name: "Install `Redocly`"
        run: npm i -g @redocly/cli@latest
      - name: Cache npm dependencies
        uses: actions/cache@v2
        with:
          path: '~/.npm'
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-
      - name: Install Dependencies
        run: npm install --prefix client
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.DEPLOY_SERVER_SSH_PRIVATE_KEY }}
          known_hosts: 'just-a-placeholder-so-we-dont-get-errors'
      - name: Adding Known Hosts
        run: ssh-keyscan -H kiryuxa.com >> ~/.ssh/known_hosts
      - name: Deploy at home lab
        run: echo "$(pwd)" && ./tools/scripts/deploy.sh staging
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          MUSE_DOCKER_DEFAULT_CONTEXT: default
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
          CI: false # https://stackoverflow.com/questions/34917977/disable-npm-warnings-as-errors-build-definition-tfs
  deploy-prod:
    name: "[SERVER] Deploy to Prod"
    needs:
      - deploy-staging
    runs-on: ubuntu-22.04
    environment:
      name: prod
      url: http://prod.muse.kiryuxa.com
    steps:
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: myshx
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Checkout Code
        uses: actions/checkout@v4
      - name: Set up JDK 21 (Temurin)
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21.0"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - uses: actions/setup-node@v4
        with:
          node-version: "20.16.0"
      - name: "Install `Redocly`"
        run: npm i -g @redocly/cli@latest
      - name: Cache npm dependencies
        uses: actions/cache@v2
        with:
          path: '~/.npm'
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-
      - name: Install Dependencies
        run: npm install --prefix client
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.DEPLOY_SERVER_SSH_PRIVATE_KEY }}
          known_hosts: 'just-a-placeholder-so-we-dont-get-errors'
      - name: Adding Known Hosts
        run: ssh-keyscan -H kiryuxa.com >> ~/.ssh/known_hosts
      - name: Deploy at home lab
        run: echo "$(pwd)" && ./tools/scripts/deploy.sh prod
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          MUSE_DOCKER_DEFAULT_CONTEXT: default
          MUSE_JWT_SECRET_KEY: ${{ secrets.MUSE_JWT_SECRET_KEY }}
          CI: false # https://stackoverflow.com/questions/34917977/disable-npm-warnings-as-errors-build-definition-tfs