name: "Acceptance"
on:
  workflow_dispatch:
  push:
    # ... only act on pushes to main
    branches:
      - main
    # ... do not act on release tags
    tags-ignore:
      - v*

env:
  GO_VERSION: "1.14.x"

jobs:
  Build-Snapshot-Artifacts:
    runs-on: macos-latest # We're creating these snapshot builds on macOS to be consistent with our release workflow's build process, which also takes place on macOS (due to code signing requirements).
    steps:
      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      - name: Restore bootstrap cache
        id: cache
        uses: actions/cache@v2.1.3
        with:
          path: |
            ~/go/pkg/mod
            ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: Bootstrap project dependencies
        if: steps.bootstrap-cache.outputs.cache-hit != 'true'
        run: make bootstrap

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v2
        env:
          GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}

      - name: GPG signing info
        run: |
          echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
          echo "keyid:       ${{ steps.import_gpg.outputs.keyid }}"
          echo "name:        ${{ steps.import_gpg.outputs.name }}"
          echo "email:       ${{ steps.import_gpg.outputs.email }}"

      - name: Build snapshot artifacts
        run: make snapshot
        env:
          GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}

      - uses: actions/upload-artifact@v2
        with:
          name: artifacts
          path: snapshot/**/*

      - uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          fields: repo,workflow,job,commit,message,author
          text: The syft acceptance tests have failed tragically!
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
        if: ${{ failure() }}

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Linux:
    needs: [Build-Snapshot-Artifacts]
    # come Nov 30 2020 ubuntu-latest will be ubuntu-20.04, until then it needs to be explicitly referenced due to python 3.7 specific features being used
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Linux)
        run: make acceptance-linux

      - uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          fields: repo,workflow,job,commit,message,author
          text: The syft acceptance tests have failed tragically!
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
        if: ${{ failure() }}

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Mac:
    needs: [Build-Snapshot-Artifacts]
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Mac)
        run: make acceptance-mac

      - uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          fields: repo,workflow,job,commit,message,author
          text: The syft acceptance tests have failed tragically!
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
        if: ${{ failure() }}

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Inline-Compare:
    needs: [Build-Snapshot-Artifacts]
    # come Nov 30 2020 ubuntu-latest will be ubuntu-20.04, until then it needs to be explicitly referenced due to python 3.7 specific features being used
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2

      - name: Fingerprint inline-compare sources
        run: make compare-fingerprint

      - name: Restore inline reports cache
        id: cache
        uses: actions/cache@v2.1.3
        with:
          path: ${{ github.workspace }}/test/inline-compare/inline-reports
          key: inline-reports-${{ hashFiles('**/inline-compare.fingerprint') }}

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Compare Anchore inline-scan results against snapshot build output
        run: make compare-snapshot

      - uses: 8398a7/action-slack@v3
        with:
          status: ${{ job.status }}
          fields: repo,workflow,job,commit,message,author
          text: The syft acceptance tests have failed tragically!
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
        if: ${{ failure() }}