name: Build and Test

on:
  pull_request:
  push:
  merge_group:
  workflow_dispatch:

# Don't grant any access by default
permissions: {}

jobs:
  test:
    name: Build and Test
    runs-on: ubuntu-latest
    permissions:
        contents: read
    concurrency:
      # Ref: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
      # github.head_ref: head_ref or source branch of the pull request
      # github.ref: ref of the branch that triggered the workflow
      group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}-${{ github.event_name }}-${{ matrix.images.target }}
      cancel-in-progress: true
    strategy:
      fail-fast: false
      matrix:
        images:
          - prefix: slim-
            target: slim
          - prefix: ""
            target: standard
    timeout-minutes: 60
    env:
      CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
      CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
      CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Update action.yml
        run: |
          echo "yq version: $(yq --version)"
          yq '.runs.image = env(CONTAINER_IMAGE_ID)' -i action.yml
          echo "Action file contents:"
          cat action.yml

      - name: Set build metadata
        run: |
          if [[ ${{ github.event_name }} == 'push' ]] || [[ ${{ github.event_name }} == 'merge_group' ]]; then
            BUILD_REVISION=${{ github.sha }}
            BUILD_VERSION=${{ github.sha }}
          elif [[ ${{ github.event_name }} == 'pull_request' ]]; then
            BUILD_REVISION=${{ github.event.pull_request.head.sha }}
            BUILD_VERSION=${{ github.event.pull_request.head.sha }}
          else
            echo "[ERROR] Event not supported when setting build revision and build version"
            exit 1
          fi

          if [ -z "${BUILD_REVISION}" ]; then
            echo "[ERROR] BUILD_REVISION is empty"
            exit 1
          fi

          if [ -z "${BUILD_VERSION}" ]; then
            echo "[ERROR] BUILD_VERSION is empty"
            exit 1
          fi

          {
            echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
            echo "BUILD_REVISION=${BUILD_REVISION}"
            echo "BUILD_VERSION=${BUILD_VERSION}"
          } >> "${GITHUB_ENV}"

      - name: Free Disk space
        shell: bash
        run: |
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /usr/share/dotnet

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          build-args: |
            BUILD_DATE=${{ env.BUILD_DATE }}
            BUILD_REVISION=${{ env.BUILD_REVISION }}
            BUILD_VERSION=${{ env.BUILD_VERSION }}
          cache-from: type=registry,ref=${{ env.CONTAINER_IMAGE_ID }}-buildcache
          outputs: type=docker,dest=/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
          push: false
          secrets: |
            GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
          tags: |
            ${{ env.CONTAINER_IMAGE_ID }}
          target: "${{ matrix.images.target }}"

      # Load the image here because the docker/build-push-action doesn't support multiple exporters yet
      # Ref: https://github.com/docker/build-push-action/issues/413
      # Ref: https://github.com/moby/buildkit/issues/1555
      - name: Load image
        run: |
          docker load <"/tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar"

      - name: Test Local Action (debug log)
        uses: ./
        env:
          LOG_LEVEL: DEBUG
          CREATE_LOG_FILE: true
          VALIDATE_ALL_CODEBASE: false
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
          FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
          RENOVATE_SHAREABLE_CONFIG_PRESET_FILE_NAMES: "default.json,hoge.json"
          TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"

      - name: Get the contents of the log file
        run: |
          sudo cat super-linter.log
          sudo rm -v super-linter.log

      - name: Test Local Action (default log)
        uses: ./
        env:
          VALIDATE_ALL_CODEBASE: false
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITLEAKS_CONFIG_FILE: .gitleaks-ignore-tests.toml
          FILTER_REGEX_EXCLUDE: ".*(/test/linters/|CHANGELOG.md).*"
          TYPESCRIPT_STANDARD_TSCONFIG_FILE: ".github/linters/tsconfig.json"

      # Validate the container image labels here so we don't have to pass the expected
      # label values to other build jobs
      - name: Validate container image labels
        run: make validate-container-image-labels

      - name: Upload ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
        uses: actions/upload-artifact@v4.3.1
        with:
          name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
          path: /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar

  build-test-suite-matrix:
    name: Build test suite matrix
    runs-on: ubuntu-latest
    needs: test
    permissions:
      contents: read
    outputs:
      matrix: ${{ steps.generate-matrix.outputs.test-cases }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate test cases matrix
        id: generate-matrix
        run: |
          TEST_TARGETS=$(make -pRrq 2>&1 | grep 'test:' | tr -d '\n' | sed -e "s/^test: //" | jq --raw-input --slurp --compact-output 'split(" ")')
          echo "TEST_TARGETS: ${TEST_TARGETS}"
          echo "test-cases=${TEST_TARGETS}" >> "${GITHUB_OUTPUT}"

  run-test-suite:
    name: Run test cases
    runs-on: ubuntu-latest
    permissions:
      contents: read
    needs: build-test-suite-matrix
    strategy:
      matrix:
        test-case: ${{ fromJson(needs.build-test-suite-matrix.outputs.matrix) }}
        images:
          - container-image-id: super-linter-latest
            prefix: ""
            target: standard
          - container-image-id: super-linter-slim-latest
            prefix: slim-
            target: slim
        exclude:
          # Don't validate container image labels because we do that when building the image
          - test-case: validate-container-image-labels
    env:
      CONTAINER_IMAGE_ID: "ghcr.io/super-linter/super-linter:${{ matrix.images.prefix }}latest"
      CONTAINER_IMAGE_TARGET: "${{ matrix.images.target }}"
      CONTAINER_IMAGE_OUTPUT_IMAGE_NAME: "super-linter-${{ matrix.images.prefix }}latest"
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
        uses: actions/download-artifact@v4.1.4
        with:
          name: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}
          path: /tmp

      - name: Load ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} container image
        run: |
          docker load --input /tmp/${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }}.tar
          docker image ls -a

      - name: "Test case: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
        run: |
          echo "Running: ${{ env.CONTAINER_IMAGE_OUTPUT_IMAGE_NAME }} - ${{ matrix.test-case }}"
          make ${{ matrix.test-case }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  preview-release-notes:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
        contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup authentication token
        run: |
          echo "${{ secrets.GITHUB_TOKEN }}" > .github-personal-access-token

      - name: Generate a preview of the release notes
        run: |
          make release-please-dry-run