.github/workflows/analysis.yml

name: "Analysis"

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

jobs:
  lint:
    name: Lint Api
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - uses: denoland/setup-deno@v1
        with:
          deno-version: v1.x
      - name: Run lint
        working-directory: ./api
        # FIXME
        continue-on-error: true
        run: deno lint

  code-audit:
    name: Code audit
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install NodeJS
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: 'Audit dashboard dependencies'
        run: npm audit --audit-level moderate && exit 0 || $([[ $? -ge 8 ]] && exit 1 || exit 0)
        working-directory: dashboard

      - name: 'Audit public site dependencies'
        run: npm audit --audit-level moderate && exit 0 || $([[ $? -ge 8 ]] && exit 1 || exit 0)
        working-directory: public


  python-code-audit:
    name: Python code audit
    runs-on: ubuntu-latest
    env:
      DEP_PATH: notebooks/requirements.txt
    steps:
      - name: Check out master
        uses: actions/checkout@master

      - name: Security vulnerabilities scan
        uses: pyupio/safety-action@v1
        with:
          api-key: ${{ secrets.SAFETY_API_KEY }}

  test:
    needs: [lint, code-audit]
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: |
            ~/.deno
            ~/.cache/deno
          key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }}
      - uses: denoland/setup-deno@v1
        with:
          deno-version: v1.x
      - uses: taiki-e/install-action@v2
        with:
          tool: just@1.24.0
      - name: Run unit test
        run: just ci_test_unit
        working-directory: api
        env:
          APP_POSTGRES_URL: postgres://
          APP_REDIS_URL: redis://

  codeql:
    needs: test
    name: CodeQL
    runs-on: ubuntu-latest

    strategy:
      matrix:
        language: ['javascript']

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        fetch-depth: 2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        config-file: ./.github/codeql/codeql-config.yml

    - name: Autobuild
      uses: github/codeql-action/autobuild@v3

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3

  e2e:
    needs: test
    name: Test integration
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - uses: actions/cache@v4
        with:
          path: |
            ~/.deno
            ~/.cache/deno
          key: ${{ runner.os }}-deno-${{ hashFiles('**/deno.lock') }}

      - uses: denoland/setup-deno@v1
        with:
          deno-version: v1.x

      - uses: taiki-e/install-action@v2
        with:
          tool: just@1.24.0

      - name: Add host entries
        run: | 
          sudo echo "127.0.0.1 api.covoiturage.test" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 s3.covoiturage.test" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 download.covoiturage.test" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 local-pdc-export.s3.covoiturage.test" | sudo tee -a /etc/hosts
          sudo echo "127.0.0.1 auth.covoiturage.test" | sudo tee -a /etc/hosts

      - name: Run integration tests
        env:
          APP_POSTGRES_URL: postgres://postgres:postgres@localhost:5432/test
          AWS_ACCESS_KEY_ID: minioadmin
          APP_POSTGRES_TIMEOUT: 120000
          AWS_SECRET_ACCESS_KEY: minioadmin
          AWS_ENDPOINT: http://localhost:9000
          AWS_BUCKET_PREFIX: local-pdc
          APP_REDIS_URL: redis://localhost:6379
          INTEGRATION_MAILER_SMTP_HOST: localhost
          APP_CEE_PUBLIC_KEY_PATH: ${{ github.workspace }}/docker/api/certs/publicKey.pem
          APP_CEE_PRIVATE_KEY_PATH: ${{ github.workspace }}/docker/api/certs/privateKey.pem
          APP_MAIL_SMTP_URL: smtp://localhost:1025
          APP_DATAGOUV_URL: null
          APP_DATAGOUV_KEY: null
          APP_JWT_SECRET: null
          APP_SESSION_SECRET: null
          APP_ROUTECACHE_AUTHTOKEN: null
          AWS_REGION: fr-par
          KC_BOT_CLIENT: pdc-bot
          KC_BOT_CLIENT_SECRET: so_secret_000
          KC_ADMIN_CLIENT: pdc-manager
          KC_ADMIN_CLIENT_SECRET: so_secret_000
        run: just ci_test_integration
        working-directory: api