name: 'Acceptance'
on:
  workflow_dispatch:
  push:
    # ... only act on pushes to main
    branches:
      - main
    # ... do not act on release tags
    tags-ignore:
      - v*

env:
  GO_VERSION: "1.14.x"

jobs:
  Build-Snapshot-Artifacts:
    runs-on: ubuntu-latest
    steps:

      - uses: actions/setup-go@v2
        with:
          go-version: ${{ env.GO_VERSION }}

      - uses: actions/checkout@v2

      - name: Restore bootstrap cache
        id: cache
        uses: actions/cache@v2
        with:
          path: |
            ~/go/pkg/mod
            ${{ github.workspace }}/.tmp
          key: ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-${{ hashFiles('Makefile') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
            ${{ runner.os }}-go-${{ env.GO_VERSION }}-

      - name: Bootstrap dependencies
        if: steps.cache.outputs.cache-hit != 'true'
        run: make ci-bootstrap

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v2
        env:
          GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}

      - name: GPG signing info
        run: |
          echo "fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
          echo "keyid:       ${{ steps.import_gpg.outputs.keyid }}"
          echo "name:        ${{ steps.import_gpg.outputs.name }}"
          echo "email:       ${{ steps.import_gpg.outputs.email }}"

      - name: Build snapshot artifacts
        run: make snapshot
        env:
          GPG_PRIVATE_KEY: ${{ secrets.SIGNING_GPG_PRIVATE_KEY }}
          PASSPHRASE: ${{ secrets.SIGNING_GPG_PASSPHRASE }}

      - uses: actions/upload-artifact@v2
        with:
          name: artifacts
          path: snapshot/**/*

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Linux:
    needs: [ Build-Snapshot-Artifacts ]
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Linux)
        run: make acceptance-linux

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Acceptance-Mac:
    needs: [ Build-Snapshot-Artifacts ]
    runs-on: macos-latest
    steps:

      - uses: actions/checkout@v2

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Run Acceptance Tests (Mac)
        run: make acceptance-mac

  # Note: changing this job name requires making the same update in the .github/workflows/release.yaml pipeline
  Inline-Compare:
    needs: [ Build-Snapshot-Artifacts ]
    runs-on: ubuntu-latest
    steps:

      - uses: actions/checkout@v2

      - name: Fingerprint inline-compare sources
        run: make compare-fingerprint

      - name: Restore inline reports cache
        id: cache
        uses: actions/cache@v2
        with:
          path: ${{ github.workspace }}/test/inline-compare/inline-reports
          key: inline-reports-${{ hashFiles('**/inline-compare.fingerprint') }}

      - uses: actions/download-artifact@v2
        with:
          name: artifacts
          path: snapshot

      - name: Compare Anchore inline-scan results against snapshot build output
        run: make compare-snapshot