.github/workflows/pipeline.yml

name: Pipeline build

on:
  push:
    #paths:
    #  - 'src/backend/**'
    branches:
      - '*'

env:
  PROJECT_ID: terrafarm-378218
  GAR_LOCATION: europe-west4
  GAR_REPOSITORY: pipelines-dev
  GCP_FA_PRIVATE_KEY: ${{ secrets.GCP_FA_PRIVATE_KEY }}
  
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: actions/setup-python@v4
        name: Setup Python 3.10
        with:
          python-version: "3.10"
          cache: 'pip'
      - run: |
          cd src/backend
          python -m pip install --upgrade pip
          pip install mypy pylint
          pip install -r requirements.txt

      - name: Run pylint
        run: |
          cd src/backend
          pylint ./pipeline --fail-under 9

      - name: Run mypy
        run: |
          cd src/backend
          mypy . --explicit-package-bases

  test:
    runs-on: ubuntu-latest
    steps:  
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up Python 3.10
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"

      - name: Install dependencies
        run: |
          cd src/backend
          python -m pip install --upgrade pip
          pip install pytest
          pip install -r requirements.txt

      - name: Run pytest
        run: pytest 

  deploy:
    needs: [lint, test]

    # Add 'id-token' with the intended permissions for workload identity federation
    permissions:
      contents: 'read'
      id-token: 'write'

    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Retrieve authentication token
      - name: Google Auth
        id: auth
        uses: 'google-github-actions/auth@v0'
        with:
          token_format: 'access_token'
          workload_identity_provider: 'projects/389517956549/locations/global/workloadIdentityPools/github/providers/github-provider'
          service_account: 'github-493@terrafarm-378218.iam.gserviceaccount.com' 
          
      # Authenticate Docker to Google Cloud Artifact Registry
      - name: Docker Auth
        id: docker-auth
        uses: 'docker/login-action@v1'
        with:
          username: 'oauth2accesstoken'
          password: '${{ steps.auth.outputs.access_token }}'
          registry: '${{ env.GAR_LOCATION }}-docker.pkg.dev'

      # Build the container and then push it to the Artifact Registry
      - name: Build and Push to GAR
        run: |-
          cd src/backend
          docker build -t "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/latest:${{ github.sha }}" ./
          docker push "${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/latest:${{ github.sha }}"

      # If required, use the Cloud Run url output in later steps
      - name: Show Output
        run: echo ${{ steps.deploy.outputs.url }}