.github/workflows/cd-test-deploy.yml

name: CD Test Deploy

on:
  # use target so secrets are not exposed
  pull_request_target:
    types: [ opened, synchronize, reopened ]
    branches: [ dependencies ]

env:
  NAMESPACE: pr-${{ github.event.pull_request.number }}

jobs:
  FrontendCI:
    uses: ./.github/workflows/ci-frontend.yml

  BackendCI:
    uses: ./.github/workflows/ci-backend.yml

  Containerize:
    needs: [ FrontendCI, BackendCI ]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        app: [ frontend, backend ]
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login Docker Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and Push Docker Image
        uses: docker/build-push-action@v6
        with:
          context: ./${{ matrix.app }}
          platforms: linux/arm64
          push: true
          tags: ghcr.io/${{ github.repository }}/${{ matrix.app }}:${{ env.NAMESPACE }}
          cache-from: type=gha,scope=buildkit-${{ matrix.app }}-${{ env.NAMESPACE }}
          cache-to: type=gha,mode=max,scope=buildkit-${{ matrix.app }}-${{ env.NAMESPACE }}

  Deploy:
    needs: [ Containerize ]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Create GitHub Environment
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.GH_PAT }}
          script: |
            const { NAMESPACE } = process.env
            
            await github.rest.repos.createOrUpdateEnvironment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              environment_name: `test/${NAMESPACE}`,
            })

      - name: Setup Kubectl
        uses: Azure/setup-kubectl@v4

      - name: Configure Kubectl
        env:
          K8S_CONFIG: ${{ secrets.K8S_CONFIG }}
        run: |
          mkdir -p $HOME/.kube
          echo "${K8S_CONFIG}" | base64 --decode > $HOME/.kube/config
        shell: bash

      - name: Clear any previous Release
        run: |
          kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
          helm uninstall $NAMESPACE \
          --namespace $NAMESPACE \
          --ignore-not-found
        shell: bash

      - name: Install Chart
        run: |
          helm install $NAMESPACE ./.k8s/app \
          --namespace $NAMESPACE \
          --set ingress.domain=${{ env.NAMESPACE }}.test.k8splay.xyz \
          --set app.image.tag=${{ env.NAMESPACE }} \
          --set keycloak.realm=test \
          --set keycloak.client.secret=${{ secrets.KEYCLOAK_TEST_SECRET }} \
          --wait \
          --atomic \
          --timeout 600s
        shell: bash

      - name: Create GitHub Deployment
        uses: actions/github-script@v7
        env:
          REF: ${{ github.head_ref }}
        with:
          github-token: ${{ secrets.GH_PAT }}
          script: |
            const { NAMESPACE, REF, GITHUB_RUN_ID } = process.env
            // set all previous deployments to inactive
            const deployments = await github.rest.repos.listDeployments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              environment: `test/${NAMESPACE}`,
              per_page: 100,
            })
            for (const deployment of deployments.data) {
              await github.rest.repos.createDeploymentStatus({
                owner: context.repo.owner,
                repo: context.repo.repo,
                deployment_id: deployment.id,
                state: 'inactive',
                environment: `test/${NAMESPACE}`,
              })
            }
            // create new deployment
            const deployment = await github.rest.repos.createDeployment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              ref: REF,
              environment: `test/${NAMESPACE}`,
              auto_merge: false,
              transient_environment: true,
              required_contexts: [],
            })
            await github.rest.repos.createDeploymentStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              deployment_id: deployment.data.id,
              state: 'success',
              environment: `test/${NAMESPACE}`,
              environment_url: `https://${NAMESPACE}.test.k8splay.xyz`,
              log_url: `https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${GITHUB_RUN_ID}`
            })