.github/workflows/pre-merge-checks.yml


name: build and test

on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - reopened
      - ready_for_review
      - synchronize

env:
  SAM_CLI_TELEMETRY: "0"

jobs:
  pre-commit:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-python@v5
      with:
        python-version: '3.11.2'
    - uses: pre-commit/action@v3.0.1
      with:
        extra_args: "detect-secrets --all-files"

  test-node-delete-user-data:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    defaults:
      run:
        working-directory: ./lambdas/delete-user-data
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
          cache-dependency-path: '**/package-lock.json'  # Need this so it looks in lambdas/delete-user-data for the package-lock

      - name: Install dependencies
        run: npm ci

      - name: Linting
        run: npm run lint

      - name: Unit tests
        run: npm run test

  test-java:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'adopt'
          cache: gradle

      - name: Cache SonarCloud packages
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle

      - name: Build and unit tests
        run: ./gradlew clean build
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Perform Static Analysis
        if: ${{ github.actor != 'dependabot[bot]' }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: ./gradlew sonar

  api-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      id-token: write
      packages: read
      contents: read
    defaults:
      run:
        working-directory: ./api-tests
    steps:
      - uses: actions/checkout@v4

      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm
          cache-dependency-path: '**/package-lock.json'

      - name: Setup .npmrc
        run: |
          cp .npmrc.template .npmrc && \
          sed -i s/GITHUB_PAT_WITH_READ:PACKAGES/${{ secrets.GITHUB_TOKEN }}/ .npmrc

      - name: Install dependencies
        run: npm ci

      - name: Linting
        run: npm run lint

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'adopt'
          cache: gradle

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle

      - name: Calculate queue name
        # SQS queue names have a max length of 80 and cannot contain special characters
        run: |
          branch_name=${{ github.head_ref || github.sha }}
          queue_name=`echo $branch_name | sed 's/[^[:alnum:]-]/\_/g' | cut -c1-60`
          echo "queue_name=stubQueue_branch_$queue_name" >> $GITHUB_OUTPUT
        id: extract_queue_name

      - name: Setup app secrets
        run: |
          cp ../local-running/core.local.secrets.template.yaml ../local-running/core.local.secrets.yaml && \
          sed -i s/CIMIT_API_KEY/${{ secrets.API_KEY_CIMIT }}/ ../local-running/core.local.secrets.yaml && \
          sed -i s/EVCS_API_KEY/${{ secrets.API_KEY_EVCS }}/ ../local-running/core.local.secrets.yaml && \
          sed -i s/ASYNC_QUEUE_API_KEY/${{ secrets.ASYNC_QUEUE_API_KEY }}/ ../local-running/core.local.secrets.yaml && \
          sed -i s/ASYNC_QUEUE_NAME/${{ steps.extract_queue_name.outputs.queue_name }}/ ../local-running/core.local.secrets.yaml && \
          sed -i s/TICF_API_KEY/${{ secrets.TICF_API_KEY }}/ ../local-running/core.local.secrets.yaml
          sed -i s/DCMAW_ASYNC_SECRET/${{ secrets.DCMAW_ASYNC_SECRET }}/ ../local-running/core.local.secrets.yaml

      - name: Local API tests
        env:
          ASYNC_QUEUE_NAME: ${{ steps.extract_queue_name.outputs.queue_name }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          MANAGEMENT_CIMIT_STUB_API_KEY: ${{ secrets.MANAGEMENT_CIMIT_STUB_API_KEY }}
          EVCS_STUB_API_KEY: ${{ secrets.API_KEY_EVCS }}
          CRI_STUB_GEN_CRED_API_KEY: ${{ secrets.CRI_STUB_GEN_CRED_API_KEY }}
          MANAGEMENT_TICF_API_KEY: ${{ secrets.MANAGEMENT_TICF_API_KEY }}
          CIMIT_INTERNAL_API_KEY: ${{ secrets.API_KEY_CIMIT }}
        run: npm run test:ci

      - name: Upload API test report
        if: ${{ !cancelled() }}
        uses: actions/upload-artifact@v4
        with:
          name: API test report
          path: api-tests/reports/
          retention-days: 7

  sam-build:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'adopt'
          cache: gradle

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle

      - run: sam build -t deploy/template.yaml
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}