name: Forms Backend

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  lint:
    name: Linting
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Python Dependencies
        uses: HassanAbouelela/actions/setup-python@setup-python_v1.6.0
        with:
          python_version: "3.12"
          install_args: "--only dev"

      - name: Run pre-commit hooks
        run: SKIP=ruff-lint pre-commit run --all-files

      # Run `ruff` using github formatting to enable automatic inline annotations.
      - name: Run ruff
        run: "ruff check --output-format=github ."

      # Prepare the Pull Request Payload artifact. If this fails, we
      # we fail silently using the `continue-on-error` option. It's
      # nice if this succeeds, but if it fails for any reason, it
      # does not mean that our lint-test checks failed.
      - name: Prepare Pull Request Payload artifact
        id: prepare-artifact
        if: always() && github.event_name == 'pull_request'
        continue-on-error: true
        run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json

      # This only makes sense if the previous step succeeded. To
      # get the original outcome of the previous step before the
      # `continue-on-error` conclusion is applied, we use the
      # `.outcome` value. This step also fails silently.
      - name: Upload a Build Artifact
        if: always() && steps.prepare-artifact.outcome == 'success'
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          name: pull-request-payload
          path: pull_request_payload.json

  build:
    name: Build & Push
    runs-on: ubuntu-latest

    needs: [lint]
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'

    steps:
      - name: Create SHA Container Tag
        id: sha_tag
        run: |
          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
          echo "sha-tag=$tag" >> $GITHUB_OUTPUT

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Docker BuildX
        uses: docker/setup-buildx-action@v3

      - name: Login to Github Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          cache-from: type=registry,ref=ghcr.io/python-discord/forms-backend:latest
          cache-to: type=inline
          tags: |
            ghcr.io/python-discord/forms-backend:latest
            ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.sha-tag }}
          build-args: |
            git_sha=${{ github.sha }}

  deploy:
    name: Deployment
    runs-on: ubuntu-latest

    needs: [build]

    steps:
      - name: Create SHA Container Tag
        id: sha_tag
        run: |
          tag=$(cut -c 1-7 <<< $GITHUB_SHA)
          echo "sha-tag=$tag" >> $GITHUB_OUTPUT

      - name: Checkout repository
        uses: actions/checkout@v4

      - uses: azure/setup-kubectl@v4

      - name: Authenticate with Kubernetes
        uses: azure/k8s-set-context@v4
        with:
          method: kubeconfig
          kubeconfig: ${{ secrets.KUBECONFIG }}

      - name: Deploy to Kubernetes
        uses: Azure/k8s-deploy@v5
        with:
          namespace: forms
          manifests: |
            deployment.yaml
          images: "ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.sha-tag }}"