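name: 'Production CI/CD Pipeline'

# Runs when a release is published, or when started manually from the UI/API.
on:
  release:
    types: [released]
  workflow_dispatch:

# All runs share one concurrency group, so only one run of this pipeline
# executes at a time.
concurrency: 'production'

# Least privilege for the automatically issued GITHUB_TOKEN: the jobs below
# only need to read repository contents. Deployment credentials are supplied
# separately through secrets, not through this token.
permissions:
  contents: read

env:
  # owner/name slug interpolated into the GitHub releases API URL
  REPO_URL: communitiesuk/mhclg-data-collection-beta

defaults:
  run:
    shell: bash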

jobs:
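  # Runs the RSpec suite against the latest published release tag, using an
  # ephemeral Postgres service container.
  test:
    name: Test
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:13.5
        # Throwaway credentials for the CI-only database; the container is
        # discarded with the runner. Never reuse these values elsewhere.
        env:
          POSTGRES_PASSWORD: password
          POSTGRES_USER: postgres
          POSTGRES_DB: data_collector
        ports:
          - '5432:5432'
        # needed because the postgres container does not provide a healthcheck
        # tmpfs makes DB faster by using RAM
        options: >-
          --mount type=tmpfs,destination=/var/lib/postgresql/data
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      RAILS_ENV: test
      GEMFILE_RUBY_VERSION: '3.1.1'
      DB_HOST: localhost
      DB_DATABASE: data_collector
      DB_USERNAME: postgres
      DB_PASSWORD: password

    steps:
      - name: Get latest release with tag
        id: latestrelease
        run: |
          set -eo pipefail
          # Assign before writing the output: a failure inside $(...) used as
          # an echo argument is ignored, which would leave the tag empty and
          # make the checkout below fall back to the triggering ref.
          release_tag="$(
            curl --fail --silent --show-error \
              "https://api.github.com/repos/${REPO_URL}/releases/latest" |
              jq --exit-status --raw-output '.tag_name'
          )"
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"
      - name: Confirm release tag
        env:
          # Passed through the environment, not expanded into the script text:
          # tag names may contain shell metacharacters.
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "${RELEASE_TAG}"
      - name: Checkout tag
        # NOTE(review): actions in this job are referenced by mutable tags;
        # pinning each to a full commit SHA (<FULL_COMMIT_SHA>) prevents a
        # moved tag from changing what runs here.
        uses: actions/checkout@v2
        with:
          # Fully qualified so a branch with the same name cannot be selected
          # instead of the release tag.
          ref: refs/tags/${{ steps.latestrelease.outputs.releasetag }}
          # No later step needs git credentials.
          persist-credentials: false

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # runs 'bundle install' and caches installed gems automatically
          bundler-cache: true
      - name: Set up node
        uses: actions/setup-node@v2
        with:
          node-version: '16'

      - name: Create DB
        run: |
          bundle exec rake db:prepare

      - name: Compile Assets
        run: |
          bundle exec rake assets:precompile

      - name: Run tests
        run: |
          bundle exec rspec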

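  # Runs Rubocop against the latest published release tag.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Get latest release with tag
        id: latestrelease
        run: |
          set -eo pipefail
          # Assign before writing the output so a failed lookup aborts the
          # step instead of silently producing an empty tag.
          release_tag="$(
            curl --fail --silent --show-error \
              "https://api.github.com/repos/${REPO_URL}/releases/latest" |
              jq --exit-status --raw-output '.tag_name'
          )"
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"
      - name: Confirm release tag
        env:
          # Passed through the environment, not expanded into the script text:
          # tag names may contain shell metacharacters.
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "${RELEASE_TAG}"
      - name: Checkout tag
        # NOTE(review): actions in this job are referenced by mutable tags;
        # consider pinning each to a full commit SHA (<FULL_COMMIT_SHA>).
        uses: actions/checkout@v2
        with:
          # Fully qualified so a branch with the same name cannot be selected
          # instead of the release tag.
          ref: refs/tags/${{ steps.latestrelease.outputs.releasetag }}
          # No later step needs git credentials.
          persist-credentials: false

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # runs 'bundle install' and caches installed gems automatically
          bundler-cache: true

      - name: Rubocop
        run: |
          bundle exec rubocop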

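  # Checks the bundled gems of the latest published release tag with
  # bundler-audit; the deploy job depends on this job succeeding.
  audit:
    name: Audit dependencies
    runs-on: ubuntu-latest
    steps:
      - name: Get latest release with tag
        id: latestrelease
        run: |
          set -eo pipefail
          # Assign before writing the output so a failed lookup aborts the
          # step instead of silently producing an empty tag.
          release_tag="$(
            curl --fail --silent --show-error \
              "https://api.github.com/repos/${REPO_URL}/releases/latest" |
              jq --exit-status --raw-output '.tag_name'
          )"
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"
      - name: Confirm release tag
        env:
          # Passed through the environment, not expanded into the script text:
          # tag names may contain shell metacharacters.
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "${RELEASE_TAG}"
      - name: Checkout tag
        # NOTE(review): actions in this job are referenced by mutable tags;
        # consider pinning each to a full commit SHA (<FULL_COMMIT_SHA>).
        uses: actions/checkout@v2
        with:
          # Fully qualified so a branch with the same name cannot be selected
          # instead of the release tag.
          ref: refs/tags/${{ steps.latestrelease.outputs.releasetag }}
          # No later step needs git credentials.
          persist-credentials: false

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # runs 'bundle install' and caches installed gems automatically
          bundler-cache: true

      - name: Audit
        run: |
          bundle exec bundler-audit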

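  # Pushes the latest published release to Cloud Foundry once lint, test and
  # audit have all passed. Secrets are exposed only to the final Deploy step.
  # NOTE(review): every job looks up "latest release" on its own, so the tag
  # deployed here can differ from the one that was tested if a release is
  # published mid-run; resolving the tag once and sharing it through job
  # outputs would close that gap.
  deploy:
    name: Deploy

    runs-on: ubuntu-latest
    # NOTE(review): presumably this environment carries protection rules
    # (required reviewers, restricted refs); confirm in repository settings.
    environment: 'production'
    needs: [lint, test, audit]

    steps:
      - name: Get latest release with tag
        id: latestrelease
        run: |
          set -eo pipefail
          # Assign before writing the output: a failure inside $(...) used as
          # an echo argument is ignored, which would leave the tag empty and
          # make the checkout below fall back to the triggering ref.
          release_tag="$(
            curl --fail --silent --show-error \
              "https://api.github.com/repos/${REPO_URL}/releases/latest" |
              jq --exit-status --raw-output '.tag_name'
          )"
          echo "releasetag=${release_tag}" >> "$GITHUB_OUTPUT"
      - name: Confirm release tag
        env:
          # Passed through the environment, not expanded into the script text:
          # tag names may contain shell metacharacters.
          RELEASE_TAG: ${{ steps.latestrelease.outputs.releasetag }}
        run: |
          echo "${RELEASE_TAG}"
      - name: Checkout tag
        # NOTE(review): referenced by a mutable tag; consider pinning to a
        # full commit SHA (<FULL_COMMIT_SHA>).
        uses: actions/checkout@v2
        with:
          # Fully qualified so a branch with the same name cannot be selected
          # instead of the release tag.
          ref: refs/tags/${{ steps.latestrelease.outputs.releasetag }}
          # No later step needs git credentials.
          persist-credentials: false

      - name: Install Cloud Foundry CLI
        run: |
          # Keep the vendor key in its own keyring and bind it to this one
          # source with signed-by, instead of trusting it for every apt
          # repository as 'apt-key add' does.
          wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key \
            | sudo gpg --dearmor -o /usr/share/keyrings/cli.cloudfoundry.org.gpg
          echo "deb [signed-by=/usr/share/keyrings/cli.cloudfoundry.org.gpg] https://packages.cloudfoundry.org/debian stable main" \
            | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
          sudo apt-get update
          sudo apt-get install -y cf8-cli
      - name: Deploy
        env:
          CF_USERNAME: ${{ secrets.CF_USERNAME }}
          CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
          CF_API_ENDPOINT: ${{ secrets.CF_API_ENDPOINT }}
          CF_SPACE: ${{ secrets.CF_SPACE }}
          CF_ORG: ${{ secrets.CF_ORG }}
          APP_NAME: dluhc-core-production
          GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }}
          APP_HOST: ${{ secrets.APP_HOST }}
          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
          IMPORT_PAAS_INSTANCE: ${{ secrets.IMPORT_PAAS_INSTANCE }}
          EXPORT_PAAS_INSTANCE: ${{ secrets.EXPORT_PAAS_INSTANCE }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
        # Every expansion is quoted so a secret containing whitespace or glob
        # characters reaches cf as exactly one argument.
        # NOTE(review): 'cf set-env' receives secret values as command
        # arguments; confirm CLI tracing (CF_TRACE) is never enabled here.
        run: |
          cf api "$CF_API_ENDPOINT"
          # With no arguments, cf auth reads CF_USERNAME and CF_PASSWORD from
          # the environment, keeping the password off the command line.
          cf auth
          cf target -o "$CF_ORG" -s "$CF_SPACE"
          cf set-env "$APP_NAME" GOVUK_NOTIFY_API_KEY "$GOVUK_NOTIFY_API_KEY"
          cf set-env "$APP_NAME" APP_HOST "$APP_HOST"
          cf set-env "$APP_NAME" RAILS_MASTER_KEY "$RAILS_MASTER_KEY"
          cf set-env "$APP_NAME" IMPORT_PAAS_INSTANCE "$IMPORT_PAAS_INSTANCE"
          cf set-env "$APP_NAME" EXPORT_PAAS_INSTANCE "$EXPORT_PAAS_INSTANCE"
          cf set-env "$APP_NAME" SENTRY_DSN "$SENTRY_DSN"
          cf push "$APP_NAME" --strategy rolling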