.github/workflows/fido.yaml

---
name: Integration test

on:
  issue_comment:
    types:
      - created

jobs:
  pr-info:
    if: ${{ github.event.issue.pull_request &&
            (startsWith(github.event.comment.body, '/fido-test-all') ||
            startsWith(github.event.comment.body, '/fido-test-container')) }}
    runs-on: ubuntu-latest
    steps:
      - name: Query author repository permissions
        uses: octokit/request-action@v2.x
        id: user_permission
        with:
          route: GET /repos/${{ github.repository }}/collaborators/${{ github.event.sender.login }}/permission
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # restrict running of tests to users with admin or write permission for the repository
      # see https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#get-repository-permissions-for-a-user
      - name: Check if user does have correct permissions
        if: contains('admin write', fromJson(steps.user_permission.outputs.data).permission)
        id: check_user_perm
        run: |
          echo "User '${{ github.event.sender.login }}' has permission '${{ fromJson(steps.user_permission.outputs.data).permission }}' allowed values: 'admin', 'write'"
          echo "allowed_user=true" >> $GITHUB_OUTPUT
      - name: Get information for pull request
        uses: octokit/request-action@v2.x
        id: pr-api
        with:
          route: GET /repos/${{ github.repository }}/pulls/${{ github.event.issue.number }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    outputs:
      allowed_user: ${{ steps.check_user_perm.outputs.allowed_user }}
      sha: ${{ fromJson(steps.pr-api.outputs.data).head.sha }}

  pre-fido-container:
    needs: pr-info
    if: ${{ needs.pr-info.outputs.allowed_user == 'true' }} &&
            (startsWith(github.event.comment.body, '/fido-test-all') ||
            startsWith(github.event.comment.body, '/fido-test-container'))}}
    runs-on: ubuntu-latest
    env:
      STATUS_NAME: fido-container-cs9

    steps:
      - name: Create in-progress status
        uses: octokit/request-action@v2.x
        with:
          route: 'POST /repos/${{ github.repository }}/statuses/${{ needs.pr-info.outputs.sha }}'
          context: ${{ env.STATUS_NAME }}
          state: pending
          description: 'Deploy runner'
          target_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  fido-container:
    needs: [pr-info, pre-fido-container]
    if: ${{ needs.pr-info.outputs.allowed_user == 'true' }} &&
            (startsWith(github.event.comment.body, '/test-all') ||
            startsWith(github.event.comment.body, '/test-container'))}}
    runs-on: [kite, x86_64, gcp, centos-stream-9, large]
    env:
      STATUS_NAME: fido-container-cs9

    steps:
      - name: Create in-progress status
        uses: octokit/request-action@v2.x
        with:
          route: 'POST /repos/${{ github.repository }}/statuses/${{ needs.pr-info.outputs.sha }}'
          context: ${{ env.STATUS_NAME }}
          state: pending
          target_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Install required packages
        run: sudo dnf install -y make gcc openssl openssl-devel findutils golang git tpm2-tss-devel swtpm swtpm-tools git clevis clevis-luks cryptsetup cryptsetup-devel clang-devel cracklib-dicts rust-toolset rpmdevtools python3-docutils createrepo_c podman buildah skopeo

      - name: Clone repository
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.pr-info.outputs.sha }}
          fetch-depth: 0

      - name: Checkout fido-device-onboard-rs code
        uses: actions/checkout@v3
        with:
          repository: fedora-iot/fido-device-onboard-rs
          path: fido

      - name: Build fido containers
        uses: ./.github/actions/build_containers

      - name: Replace Makefile and make-vendored-tarfile.sh
        run: |
          cp fido-test/make-vendored-tarfile.sh fido/
          cp fido-test/Makefile fido/

      - name: Build fido PRM pakcages
        run: make rpm
        working-directory: fido

      - name: Prepare
        run: |
          sudo mkdir -p /var/www/html/source
          sudo cp ./fido/rpmbuild/RPMS/x86_64/* /var/www/html/source/ 2>/dev/null || :
          sudo createrepo_c /var/www/html/source
          sudo ls -al /var/www/html/source

      - name: Run fdo-container.sh test
        run: ./fdo-container.sh
        working-directory: fido-test
        timeout-minutes: 100

      - name: Set result status
        if: always()
        uses: octokit/request-action@v2.x
        with:
          route: 'POST /repos/${{ github.repository }}/statuses/${{ needs.pr-info.outputs.sha }}'
          context: ${{ env.STATUS_NAME }}
          state: ${{ job.status }}
          target_url: 'https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}