.github/workflows/action.yaml

name: Mbin Workflow
on:
  pull_request:
    branches:
      - main
      - develop
      - dev/new_features
  push:
    branches:
      - main
      - dev/new_features
    tags:
      - 'v*'

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: danger89/mbin-pipeline:1.2.0
    steps:
      - uses: actions/checkout@v4

      - name: Get NPM cache directory path
        id: npm-cache-dir-path
        run: echo "dir=$(npm get cache)" >> $GITHUB_OUTPUT

      - name: Calculate package-lock.json hash
        id: npm-lock-hash
        run: |
          echo "hash=$(md5sum package-lock.json)" >> $GITHUB_OUTPUT

      - name: Get Composer Cache Directory
        id: composer-cache
        run: |
          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

      - name: Calculate composer.lock hash
        id: composer-lock-hash
        run: |
          echo "hash=$(md5sum composer.lock)" >> $GITHUB_OUTPUT

      - uses: actions/cache@v4
        id: npm-cache # use this to check for `cache-hit` (`steps.npm-cache.outputs.cache-hit != 'true'`)
        with:
          path: ${{ steps.npm-cache-dir-path.outputs.dir }}
          key: ${{ runner.os }}-npm-${{ steps.npm-lock-hash.outputs.hash }}
          restore-keys: ${{ runner.os }}-npm-

      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-no-dev-${{ steps.composer-lock-hash.outputs.hash }}
          restore-keys: ${{ runner.os }}-composer-no-dev-

      - run: cp .env.example .env
      - name: Composer install
        run: composer install --no-dev --no-progress
      - name: NPM install
        run: npm ci --include=dev
        env:
          NODE_ENV: production

      - name: Build frontend (production)
        run: npm run build

  unit-test:
    runs-on: ubuntu-latest
    container:
      image: danger89/mbin-pipeline:1.2.0
    steps:
      - uses: actions/checkout@v4

      - name: Get Composer Cache Directory
        id: composer-cache
        run: |
          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

      - name: Calculate composer.lock hash
        id: composer-lock-hash
        run: |
          echo "hash=$(md5sum composer.lock)" >> $GITHUB_OUTPUT

      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ steps.composer-lock-hash.outputs.hash }}
          restore-keys: ${{ runner.os }}-composer-

      - run: cp .env.example .env
      - name: Composer install
        run: composer install --no-scripts --no-progress

      - name: Run unit tests
        env:
          COMPOSER_CACHE_DIR: ${{ steps.composer-cache.outputs.dir }}
          SYMFONY_DEPRECATIONS_HELPER: disabled
        run: php bin/phpunit tests/Unit

  audit-check:
    runs-on: ubuntu-latest
    container:
      image: danger89/mbin-pipeline:1.2.0
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4

      - name: Get Composer Cache Directory
        id: composer-cache
        run: |
          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

      - name: Calculate composer.lock hash
        id: composer-lock-hash
        run: |
          echo "hash=$(md5sum composer.lock)" >> $GITHUB_OUTPUT

      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-${{ steps.composer-lock-hash.outputs.hash }}
          restore-keys: ${{ runner.os }}-composer-

      - run: cp .env.example .env
      - name: Composer install
        run: composer install --no-scripts --no-progress

      - name: Run Npm audit
        run: npm audit --omit=dev

      - name: Run Composer audit
        env:
          COMPOSER_AUDIT_ABANDONED: ignore
        run: composer audit

  fixer-dry-run:
    runs-on: ubuntu-latest
    container:
      image: danger89/mbin-pipeline:1.2.0
    steps:
      - uses: actions/checkout@v4

      - name: Get Composer Cache Directory
        id: composer-cache
        run: |
          echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT

      - name: Calculate tools/composer.lock hash
        id: composer-lock-hash
        run: |
          echo "hash=$(md5sum tools/composer.lock)" >> $GITHUB_OUTPUT

      - uses: actions/cache@v4
        with:
          path: ${{ steps.composer-cache.outputs.dir }}
          key: ${{ runner.os }}-composer-tools-${{ steps.composer-lock-hash.outputs.hash }}
          restore-keys: ${{ runner.os }}-composer-tools-

      - name: Composer tools install
        run: composer -d tools install --no-scripts --no-progress

      - name: php-cs-fixer dry-run
        run: tools/vendor/bin/php-cs-fixer fix --dry-run -v --show-progress=none #--format=checkstyle #would be nice if codeberg did something with this like github does.

  build-and-publish-docker-image:
    runs-on: ubuntu-latest
    # Let's only run this on branches and tagged releases only
    # Because the Docker build takes quite some time.
    if: github.event_name != 'pull_request'
    permissions:
      contents: write
      packages: write
    steps:
      - uses: actions/checkout@v4

      - name: Login to ghcr
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta data
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ghcr.io/mbinorg/mbin

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./docker/Dockerfile
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
# TODO: Integration tests