.github/workflows/ci.yml

name: Continuous Integration

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  TAG: ${{ github.sha }}

jobs:
  analyze:
    name: analyze code
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["csharp"]
    steps:
      - name: checkout code
        id: checkout-code
        uses: actions/checkout@v4

      - name: initialize codeql
        id: initialize-codeql
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-and-quality

      - name: setup .net
        id: setup-dotnet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      - name: restore cached dependencies
        id: restore-cached-dependencies
        uses: actions/cache@v4
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
          restore-keys: |
            ${{ runner.os }}-nuget

      - name: restore dependencies
        id: restore-dependencies
        run: dotnet restore src

      - name: 🔨 build application
        id: build-application
        run: dotnet build src --configuration Release --no-restore

      - name: 🧪 perform codeql analysis
        id: perform-codeql-analysis
        uses: github/codeql-action/analyze@v3

  test:
    name: unit test
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        id: checkout-code
        uses: actions/checkout@v4

      - name: setup .net
        id: setup-dotnet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      - name: restore cached dependencies
        id: restore-cached-dependencies
        uses: actions/cache@v4
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
          restore-keys: |
            ${{ runner.os }}-nuget

      - name: restore dependencies
        id: restore-dependencies
        run: dotnet restore src

      - name: 🔨 build application
        id: build-application
        run: dotnet build src --configuration Release --no-restore

      - name: 🧪 run unit tests
        id: run-unit-tests
        run: |
          cd ./tests/Coding.Blog.Tests/
          dotnet test --configuration Release --no-build --collect:"XPlat Code Coverage" -- DataCollectionRunSettings.DataCollectors.DataCollector.Configuration.Format=opencover
          cp TestResults/*/coverage.opencover.xml .
          
      - name: 💌 publish code coverage
        id: publish-code-coverage
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: /home/runner/work/coding-blog/coding-blog/tests/Coding.Blog.Tests/coverage.opencover.xml
          fail_ci_if_error: true

  lint:
    name: lint code
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        id: checkout-code
        uses: actions/checkout@v4

      - name: 🧼 lint markdown files
        id: lint-markdown-files
        uses: avto-dev/markdown-lint@v1.5.0

      - name: 🧼 lint json files
        id: lint-json-files
        uses: ocular-d/json-linter@0.0.2

      - name: 🧼 lint renovate config
        id: lint-renovate-config
        uses: suzuki-shunsuke/github-action-renovate-config-validator@v1.1.0
        with:
          config_file_path: "renovate.json"

  verify-docker-build:
    name: verify docker build
    runs-on: ubuntu-latest

    steps:
    - name: checkout code
      id: checkout-code
      uses: actions/checkout@v4

    - name: 🔐 authorize gcloud
      id: authorize-gcloud
      uses: 'google-github-actions/auth@v2'
      with:
        credentials_json: ${{ secrets.GKE_SA_KEY }}

    - name: ☁ setup gcloud cli
      id: setup-gcloud
      uses: google-github-actions/setup-gcloud@v2.1.2
      with:
        project_id: ${{ secrets.GKE_PROJECT }}

    - name: 🔧 configure docker
      id: configure-docker
      run: |-
        gcloud --quiet auth configure-docker

    - name: 🐳 build docker image
      id: build-docker-image
      run: |-
        docker build -f "src/Coding.Blog/Coding.Blog/Dockerfile" \
          --tag "gcr.io/$PROJECT_ID/$TAG" \
          "src"