.github/workflows/publish.yml

name: Build, Test and Publish
on:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]
  workflow_dispatch:

env:
  SERVICE_NAME: ${{ github.event.repository.name }}
  ACR_REGISTRY: terradevacrpublic.azurecr.io

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'

      - name: Cache Gradle packages
        uses: actions/cache@v2
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: v1-${{ runner.os }}-gradle-refs/heads/dev-${{ github.sha }}

      - name: Gradle build service
        run: ./gradlew --build-cache :service:build -x test

  unit-tests:
    needs: [ build ]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        # Needed by sonar to get the git history for the branch the PR will be merged into.
        with:
          fetch-depth: 0
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'

      - name: Test, coverage, and sonar
        run: ./gradlew --build-cache --scan test jacocoTestReport sonar --info
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  publish-job:
    needs: [ build ]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set commit short hash
        id: setHash
        run: |
          git_short_sha=$(git rev-parse --short HEAD)
          echo $git_short_sha
          echo "::set-output name=git_short_sha::${git_short_sha}"

      - name: Construct docker image name and tag
        id: image-name
        # TODO: update the tag
        run: echo ::set-output name=name::${ACR_REGISTRY}/${SERVICE_NAME}:${{ steps.setHash.outputs.git_short_sha }}

      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'gradle'

      - name: Build image locally with jib
        run: |
          ./gradlew --build-cache :service:jibDockerBuild \
          --image=${{ steps.image-name.outputs.name }} \
          -Djib.console=plain

      - name: Run Trivy vulnerability scanner
        # Link to the github location of the action https://github.com/broadinstitute/dsp-appsec-trivy-action
        uses: broadinstitute/dsp-appsec-trivy-action@v1
        with:
          image: ${{ steps.image-name.outputs.name }}

      - name: Push Container image
        run: |
          echo ${{ secrets.ACR_SP_PASSWORD }} | docker login ${ACR_REGISTRY} \
          --username ${{ secrets.ACR_SP_USER }} \
          --password-stdin

          docker push ${{ steps.image-name.outputs.name }}

      - name: Notify slack on failure
        uses: 8398a7/action-slack@v3
        if: failure()
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.LEO_WEB_HOOK_URL }}
        with:
          status: ${{ job.status }}
          author_name: Publish to dev
          fields: job
          text: 'Publish failed :sadpanda:'