wiregui/.forgejo/workflows/dev.yml

name: Dev

on:
  push:
    branches:
      - dev

jobs:
  test:
    runs-on: docker
    container:
      image: python:3.13-slim
    services:
      postgres:
        image: postgres:17
        env:
          POSTGRES_USER: wiregui
          POSTGRES_PASSWORD: wiregui
          POSTGRES_DB: wiregui
        options: >-
          --health-cmd "pg_isready -U wiregui"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 5
      valkey:
        image: valkey/valkey:8
        options: >-
          --health-cmd "valkey-cli ping"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 5
      mock-oidc:
        image: ghcr.io/navikt/mock-oauth2-server:2.1.10
        env:
          SERVER_PORT: "9000"
          JSON_CONFIG: '{"interactiveLogin":true,"httpServer":"NettyWrapper","tokenCallbacks":[{"issuerId":"test-idp","tokenExpiry":3600,"requestMappings":[{"requestParam":"scope","match":"*","claims":{"sub":"$${claim:sub}","email":"$${claim:sub}@test.local","name":"Test User"}}]}]}'
      mock-saml:
        image: kenchan0130/simplesamlphp
        env:
          SIMPLESAMLPHP_SP_ENTITY_ID: http://localhost:13003/auth/saml/test-saml/metadata
          SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE: http://localhost:13003/auth/saml/test-saml/callback
          SIMPLESAMLPHP_IDP_BASE_URL: http://mock-saml:8080/simplesaml/
    env:
      CI: "true"
      WG_DATABASE_URL: postgresql+asyncpg://wiregui:wiregui@postgres/wiregui
      WG_REDIS_URL: redis://valkey:6379/0
      MOCK_OIDC_HOST: mock-oidc
      MOCK_SAML_HOST: mock-saml
    steps:
      - name: Install system dependencies and checkout
        run: |
          apt-get update && apt-get install -y --no-install-recommends \
            git wireguard-tools pkg-config libxml2-dev libxmlsec1-dev libxmlsec1-openssl
          git clone --depth=1 -b "${GITHUB_REF_NAME}" ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .

      - name: Install uv
        run: pip install uv

      - name: Install dependencies
        run: uv sync

      - name: Install Playwright browsers
        run: uv run playwright install --with-deps chromium

      - name: Run migrations
        run: uv run alembic upgrade head

      - name: Run unit tests
        run: uv run pytest tests/ --ignore=tests/e2e -v --tb=short

      - name: Run E2E tests
        run: uv run pytest tests/e2e/ -v --tb=short

  docker:
    needs: test
    runs-on: docker
    container:
      image: catthehacker/ubuntu:act-latest
      options: --privileged
    steps:
      - name: Checkout repository
        run: |
          git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git -b dev .
          git fetch origin main --tags

      - name: Build and push pre-release image
        shell: bash
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          # Derive version from latest tag on main: v1.2.3 -> 1.2.3.dev0, .dev1, etc.
          LATEST_TAG=$(git describe --tags --abbrev=0 origin/main 2>/dev/null || echo "v0.0.0")
          BASE_VERSION="${LATEST_TAG#v}"
          # Count commits on dev since that tag
          DEV_N=$(git rev-list --count "${LATEST_TAG}..HEAD" 2>/dev/null || echo "0")
          VERSION="${BASE_VERSION}.dev${DEV_N}"

          REGISTRY=$(echo "${{ github.server_url }}" | sed 's|https://||; s|http://||')
          IMAGE="${REGISTRY}/${{ github.repository_owner }}/wiregui"

          echo "Building ${IMAGE}:v${VERSION}"

          echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY}" \
            -u "${{ github.repository_owner }}" --password-stdin

          docker build --no-cache \
            --build-arg "VERSION=${VERSION}" \
            -t "${IMAGE}:v${VERSION}" \
            -t "${IMAGE}:dev" \
            .

          docker push "${IMAGE}:v${VERSION}"
          docker push "${IMAGE}:dev"

          echo "Pushed ${IMAGE}:v${VERSION}, ${IMAGE}:dev"