name: CI Workflow
on: push
permissions:
  contents: read
jobs:
  doc-generator:
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    permissions:
      contents: read
      pages: write
      id-token: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          lfs: true
          show-progress: false
          submodules: true
      - name: Marking workdir safe
        run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Generate documentation
        run: make render_docs DOCS_BASE_URL=https://luzifer.github.io/twitch-bot/
      - name: Upload GitHub Pages artifact
        uses: actions/upload-pages-artifact@v1
        with:
          path: .rendered-docs
      - name: Deploy artifact
        uses: actions/deploy-pages@v1
  docker-publish:
    if: ${{ startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/master' }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    permissions:
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Log into registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Docker Build & Publish
        run: bash ci/docker-publish.sh
  integration-crdb:
    if: ${{ github.ref == 'refs/heads/master' }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    runs-on: ubuntu-latest
    services:
      crdb:
        image: luzifer/crdb-gh-service
        options: --health-cmd "curl -sSf http://localhost:8080/health" --health-interval 10s --health-timeout 5s --health-retries 5
    steps:
      - name: Install required packages
        run: |
          pacman -Syy --noconfirm \
            cockroachdb-bin
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Set up CRDB service
        run: |
          cockroach sql --host crdb --insecure <<EOF
          CREATE DATABASE integration;
          CREATE USER "twitch_bot" WITH PASSWORD NULL;
          ALTER DATABASE integration OWNER to "twitch_bot";
          EOF
      - name: Run tests against CRDB
        env:
          GO_TEST_DB_ENGINE: postgres
          GO_TEST_DB_DSN: host=crdb user=twitch_bot dbname=integration port=26257 sslmode=disable timezone=UTC
        run: make short_test
  integration-mariadb:
    if: ${{ github.ref == 'refs/heads/master' }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    runs-on: ubuntu-latest
    services:
      mariadb:
        image: mariadb:11
        env:
          MYSQL_PASSWORD: twitch-bot-pass
          MYSQL_ROOT_PASSWORD: root-pass
          MYSQL_USER: twitch-bot
        options: --health-cmd "healthcheck.sh --connect --innodb_initialized" --health-interval 10s --health-timeout 5s --health-retries 5
    steps:
      - name: Install required packages
        run: |
          pacman -Syy --noconfirm \
            mariadb-clients
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Set up MariaDB service
        run: |
          mariadb -h mariadb -u root --password=root-pass <<EOF
          CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
          GRANT ALL ON integration.* TO 'twitch-bot'@'%';
          EOF
      - name: Run tests against MariaDB
        env:
          GO_TEST_DB_ENGINE: mysql
          GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mariadb:3306)/integration?charset=utf8mb4&parseTime=True
        run: make short_test
  integration-mysql:
    if: ${{ github.ref == 'refs/heads/master' }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    runs-on: ubuntu-latest
    services:
      mysql:
        image: mysql:8
        env:
          MYSQL_PASSWORD: twitch-bot-pass
          MYSQL_ROOT_PASSWORD: root-pass
          MYSQL_USER: twitch-bot
        options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 5
    steps:
      - name: Install required packages
        run: |
          pacman -Syy --noconfirm \
            mariadb-clients
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Set up MySQL service
        run: |
          mariadb --skip-ssl -h mysql -u root --password=root-pass <<EOF
          CREATE DATABASE integration DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
          GRANT ALL ON integration.* TO 'twitch-bot'@'%';
          EOF
      - name: Run tests against MySQL
        env:
          GO_TEST_DB_ENGINE: mysql
          GO_TEST_DB_DSN: twitch-bot:twitch-bot-pass@tcp(mysql:3306)/integration?charset=utf8mb4&parseTime=True
        run: make short_test
  integration-postgres:
    if: ${{ github.ref == 'refs/heads/master' }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:15
        env:
          POSTGRES_PASSWORD: twitch-bot-pass
        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Run tests against PostgreSQL
        env:
          GO_TEST_DB_ENGINE: postgres
          GO_TEST_DB_DSN: host=postgres user=postgres password=twitch-bot-pass dbname=postgres port=5432 sslmode=disable timezone=UTC
        run: make short_test
  release:
    if: ${{ startsWith(github.ref, 'refs/tags/v') }}
    needs:
      - test
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: |
          git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Build release
        run: make publish
      - name: Extract changelog
        run: awk "/^#/ && ++c==2{exit}; /^#/f" "History.md" | tail -n +2 >release_changelog.md
      - name: Update stable branch
        run: |
          git branch -f stable ${GITHUB_SHA}
          git push -f origin stable
      - name: Release
        uses: ncipollo/release-action@v1
        with:
          artifacts: .build/*
          bodyFile: release_changelog.md
          draft: false
          generateReleaseNotes: false
  test:
    if: ${{ github.ref != 'refs/heads/stable' }}
    defaults:
      run:
        shell: bash
    container:
      image: luzifer/gh-arch-env
      env:
        CGO_ENABLED: 0
        GOPATH: /go
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          show-progress: false
      - name: Marking workdir safe
        run: |
          git config --global --add safe.directory /__w/twitch-bot/twitch-bot
      - name: Lint and test code
        run: make lint test frontend_lint
      - name: Build release (quick local for compile)
        run: make build_prod
      - name: Execute Trivy scan
        run: make trivy