---
# This workflow is actually running
# tests (with localstack) but the
# name is used for the badge in README.md

name: Build

on:
  push:
    branches:
      - master
      - releases/**
    paths-ignore:
      - 'README.md'
  pull_request:
    branches:
      - master
      - releases/**
    paths-ignore:
      - 'README.md'

# these env variables are for localstack, so we can emulate aws services
env:
  RICHGO_FORCE_COLOR: 1
  AWS_HOST: localstack
  # these are to mimic aws config
  AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
  AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
  AWS_REGION: us-east-1
  KINESIS_INITIALIZE_STREAMS: "stream-1-shard:1,stream-2-shards:2"
  CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF: true

jobs:
  build:
    strategy:
      matrix:
        go-version: ["1.20.3"]

    name: "Build + tests"
    runs-on: ubuntu-latest
    services:
      localstack:
        image: localstack/localstack:1.3.0
        ports:
        - 4566:4566  # Localstack exposes all services on the same port
        env:
          DEBUG: ""
          LAMBDA_EXECUTOR: ""
          KINESIS_ERROR_PROBABILITY: ""
          DOCKER_HOST: unix:///var/run/docker.sock
          KINESIS_INITIALIZE_STREAMS: ${{ env.KINESIS_INITIALIZE_STREAMS }}
          HOSTNAME_EXTERNAL: ${{ env.AWS_HOST }}  # Required so that resource urls are provided properly
          # e.g sqs url will get localhost if we don't set this env to map our service
        options: >-
          --name=localstack
          --health-cmd="curl -sS 127.0.0.1:4566 || exit 1"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=3
      zoo1:
        image: confluentinc/cp-zookeeper:7.3.0
        ports:
          - "2181:2181"
        env:
          ZOOKEEPER_CLIENT_PORT: 2181
          ZOOKEEPER_SERVER_ID: 1
          ZOOKEEPER_SERVERS: zoo1:2888:3888
        options: >-
          --name=zoo1
          --health-cmd "jps -l | grep zookeeper"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

      kafka1:
        image: crowdsecurity/kafka-ssl
        ports:
          - "9093:9093"
          - "9092:9092"
          - "9999:9999"
        env:
          KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://127.0.0.1:19092,LISTENER_DOCKER_EXTERNAL://127.0.0.1:9092,LISTENER_DOCKER_EXTERNAL_SSL://127.0.0.1:9093
          KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL:PLAINTEXT,LISTENER_DOCKER_EXTERNAL_SSL:SSL
          KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_DOCKER_INTERNAL
          KAFKA_ZOOKEEPER_CONNECT: "zoo1:2181"
          KAFKA_BROKER_ID: 1
          KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
          KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
          KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
          KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
          KAFKA_JMX_PORT: 9999
          KAFKA_JMX_HOSTNAME: "127.0.0.1"
          KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
          KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "true"
          KAFKA_SSL_KEYSTORE_FILENAME: kafka.kafka1.keystore.jks
          KAFKA_SSL_KEYSTORE_CREDENTIALS: kafka1_keystore_creds
          KAFKA_SSL_KEY_CREDENTIALS: kafka1_sslkey_creds
          KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.kafka1.truststore.jks
          KAFKA_SSL_TRUSTSTORE_CREDENTIALS: kafka1_truststore_creds
          KAFKA_SSL_ENABLED_PROTOCOLS: TLSv1.2
          KAFKA_SSL_PROTOCOL: TLSv1.2
          KAFKA_SSL_CLIENT_AUTH: none
          KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
        options: >-
          --name=kafka1
          --health-cmd "kafka-broker-api-versions --version"
          --health-interval 10s
          --health-timeout 10s
          --health-retries 5

    steps:

    - name: "Set up Go ${{ matrix.go-version }}"
      uses: actions/setup-go@v3
      with:
        go-version: ${{ matrix.go-version }}

    - name: Check out CrowdSec repository
      uses: actions/checkout@v3
      with:
        fetch-depth: 0
        submodules: false

    - name: Cache Go modules
      uses: actions/cache@v3
      with:
        path: |
          ~/go/pkg/mod
          ~/.cache/go-build
          ~/Library/Caches/go-build
          %LocalAppData%\go-build
        key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }}
        restore-keys: |
          ${{ runner.os }}-${{ matrix.go-version }}-go-

    - name: Build and run tests
      run: |
        go install github.com/ory/go-acc@v0.2.8
        go install github.com/kyoh86/richgo@v0.3.10
        set -o pipefail
        make build
        make go-acc | richgo testfilter

    - name: Upload unit coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        files: coverage.out
        flags: unit-linux

    - name: golangci-lint
      uses: golangci/golangci-lint-action@v3
      with:
        version: v1.51
        args: --issues-exit-code=1 --timeout 10m
        only-new-issues: false
        # the cache is already managed above, enabling it here
        # gives errors when extracting
        skip-pkg-cache: true
        skip-build-cache: true