name: Integration tests for the release process

on:
  push:
    paths:
      - Makefile
      - Dockerfile
      - Dockerfile.rootless
      - docker/**
      - .forgejo/workflows/build-release.yml
      - .forgejo/workflows/build-release-integration.yml
    branches-ignore:
      - renovate/**
  pull_request:
    paths:
      - Makefile
      - Dockerfile
      - Dockerfile.rootless
      - docker/**
      - .forgejo/workflows/build-release.yml
      - .forgejo/workflows/build-release-integration.yml

jobs:
  release-simulation:
    if: vars.ROLE == 'forgejo-coding'
    runs-on: self-hosted
    steps:
      - uses: actions/checkout@v4

      - id: forgejo
        uses: https://data.forgejo.org/actions/setup-forgejo@v2.0.4
        with:
          user: root
          password: admin1234
          image-version: 1.21
          lxc-ip-prefix: 10.0.9

      - name: publish the forgejo release
        shell: bash
        run: |
          set -x

          cat > /etc/docker/daemon.json <<EOF
            {
              "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
            }
          EOF
          systemctl restart docker

          apt-get install -qq -y xz-utils

          dir=$(mktemp -d)
          trap "rm -fr $dir" EXIT

          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"

          function sanity_check() {
            local url=$1 version=$2
            #
            # Minimal sanity checks. Since the binary
            # is a script shell it does not test the sanity of the cross
            # build, only the sanity of the naming of the binaries.
            #
            for arch in amd64 arm64 arm-6 ; do
              local binary=forgejo-$version-linux-$arch
              for suffix in '' '.xz' ; do
                curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix
                if test "$suffix" = .xz ; then
                  unxz --keep $binary$suffix
                fi
                chmod +x $binary
                ./$binary --version | grep $version
                curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
                shasum -a 256 --check $binary$suffix.sha256
                rm $binary$suffix
              done
            done

            local sources=forgejo-src-$version.tar.gz
            curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources
            curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256
            shasum -a 256 --check $sources.sha256

            docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version
            docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless
          }

          #
          # Create a new project with a fake forgejo and the release workflow only
          #
          cp -a .forgejo/testdata/build-release/* $dir
          mkdir -p $dir/.forgejo/workflows
          cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows
          cp $dir/Dockerfile $dir/Dockerfile.rootless

          forgejo-test-helper.sh push $dir $url root forgejo

          forgejo-curl.sh api_json -X PUT --data-raw '{"data":"${{ steps.forgejo.outputs.token }}"}' $url/api/v1/repos/root/forgejo/actions/secrets/TOKEN
          forgejo-curl.sh api_json -X PUT --data-raw '{"data":"root"}' $url/api/v1/repos/root/forgejo/actions/secrets/DOER
          forgejo-curl.sh api_json -X PUT --data-raw '{"data":"true"}' $url/api/v1/repos/root/forgejo/actions/secrets/VERBOSE

          #
          # Push a tag to trigger the release workflow and wait for it to complete
          #
          version=1.2.3
          sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main)
          forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags
          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
          sanity_check $url $version

          #
          # Push a commit to a branch that triggers the build of a test release
          #
          version=1.2-test
          (
            git clone $url/root/forgejo /tmp/forgejo
            cd /tmp/forgejo
            date > DATE
            git config user.email root@example.com
            git config user.name username
            git add .
            git commit -m 'update'
            git push $url/root/forgejo main:forgejo
          )
          sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo forgejo)
          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
          sanity_check $url $version

      - name: full logs
        if: always()
        run: |
          sed -e 's/^/[RUNNER LOGS] /' ${{ steps.forgejo.outputs.runner-logs }}
          docker logs forgejo | sed -e 's/^/[FORGEJO LOGS]/'
          sleep 5 # hack to avoid mixing outputs in Forgejo v1.21