delivery.yml

name: Delivery
on:
  - push
concurrency: delivery-${{ github.ref }}
jobs:
  commit-compile:
    name: Commit - Compile
    if: ${{ github.ref_type == 'branch' }}
    runs-on: ${{ matrix.operating-system }}-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "${{ matrix.ruby-version }}"
          bundler: "2.4"
          bundler-cache: true
          cache-version:
            "1-os-${{ matrix.operating-system }}-rv-${{ matrix.ruby-version }}"
      - name: Upload Bundler Lockfile
        uses: actions/upload-artifact@v3
        with:
          name:
            bundler-lockfile-os-${{ matrix.operating-system }}-rv-${{
            matrix.ruby-version }}
          path: gems.locked
          if-no-files-found: error
    strategy:
      fail-fast: false
      matrix:
        include:
          - operating-system: ubuntu
            ruby-version: "3.0"
          - operating-system: ubuntu
            ruby-version: "3.1"
          - operating-system: ubuntu
            ruby-version: "3.2"
          - operating-system: windows
            ruby-version: "3.2"
  commit-unit-test:
    name: Commit - Unit Test
    needs:
      - commit-compile
    if: ${{ github.ref_type == 'branch' }}
    runs-on: ${{ matrix.operating-system }}-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Download Bundler Lockfile
        uses: actions/download-artifact@v3
        with:
          name:
            bundler-lockfile-os-${{ matrix.operating-system }}-rv-${{
            matrix.ruby-version }}
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "${{ matrix.ruby-version }}"
          bundler: "2.4"
          bundler-cache: true
          cache-version:
            "1-os-${{ matrix.operating-system }}-rv-${{ matrix.ruby-version }}"
      - name: Run RSpec Tests
        if: ${{ !matrix.code-coverage }}
        run: bundle exec rake test:rspec
      - name: Run RSpec Tests with Code Coverage
        if: ${{ matrix.code-coverage }}
        uses: paambaati/codeclimate-action@v4.0.0
        env:
          CC_TEST_REPORTER_ID: 7574433e1beed630cb9a171c688bb9e010d5028f00f7218d6e845fe138c65168
        with:
          coverageCommand: bundle exec rake test:rspec
    strategy:
      fail-fast: false
      matrix:
        include:
          - code-coverage: false
            operating-system: ubuntu
            ruby-version: "3.0"
          - code-coverage: false
            operating-system: ubuntu
            ruby-version: "3.1"
          - code-coverage: true
            operating-system: ubuntu
            ruby-version: "3.2"
          - code-coverage: false
            operating-system: windows
            ruby-version: "3.2"
  commit-assemble:
    name: Commit - Assemble
    needs:
      - commit-compile
    if: ${{ github.ref_type == 'branch' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Download Bundler Lockfile
        uses: actions/download-artifact@v3
        with:
          name: bundler-lockfile-os-ubuntu-rv-3.2
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.2"
          bundler: "2.4"
          bundler-cache: true
          cache-version: "1-os-ubuntu-rv-3.2"
      - name: Build Ruby Gem
        env:
          GEM_PRIVATE_KEY: ${{ secrets.GEM_PRIVATE_KEY }}
        run: |
          printf -- "${GEM_PRIVATE_KEY}\n" > certs/gem-private_key.pem
          gem cert --add certs/gem-public_cert.pem
          gem build kitchen-terraform.gemspec --strict --output kitchen-terraform.gem
      - name: Upload Ruby Gem
        uses: actions/upload-artifact@v3
        with:
          name: ruby-gem
          path: kitchen-terraform.gem
  commit-code-analysis:
    name: Commit - Code Analysis
    if: ${{ github.ref_type == 'branch' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          config-file: .github/codeql/config.yml
          languages: ruby
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2
  acceptance:
    name: Acceptance
    needs:
      - commit-unit-test
      - commit-assemble
      - commit-code-analysis
    if:
      ${{ github.ref_type == 'branch' && github.event_name == 'push' &&
      github.ref_name == 'main' }}
    runs-on: ${{ matrix.operating-system }}-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v3
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.2"
          bundler-cache: false
      - name: Download Ruby Gem
        uses: actions/download-artifact@v3
        with:
          name: ruby-gem
      - name: Install Ruby Gems
        run:
          gem install --conservative --minimal-deps --verbose
          kitchen-terraform.gem rake
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ matrix.terraform-version }}
          terraform_wrapper: false
      - name: Setup Terragrunt
        if: ${{ matrix.operating-system == 'macos' }}
        uses: autero1/action-terragrunt@v1.3.2
        with:
          terragrunt_version: ${{ matrix.terragrunt-version }}
      - name: Mirror Terraform Providers
        run: |
          cd ./test/terraform/PlugIns
          terraform providers mirror ./PlugInDirectory
      - name: Run Kitchen Tests
        run: |
          rake --trace test:kitchen:attributes-${{ matrix.operating-system }}
          rake --trace test:kitchen:plug-ins-${{ matrix.operating-system }}
          rake --trace test:kitchen:variables-${{ matrix.operating-system }}
          rake --trace test:kitchen:workspaces-${{ matrix.operating-system }}
      - name: Run Kitchen Test backend-ssh
        if: ${{ matrix.operating-system == 'ubuntu' }}
        run: |
          chmod 400 ./test/terraform/backend-ssh/id_ed25519
          rake test:kitchen:backend-ssh-ubuntu
      - name: Run Kitchen doctor
        run: |
          rake --trace test:kitchen:doctor-${{ matrix.operating-system }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - operating-system: macos
            terraform-version: "1.1.4"
            terragrunt-version: "0.36.0"
          - operating-system: ubuntu
            terraform-version: "0.15.5"
          - operating-system: ubuntu
            terraform-version: "0.14.11"
          - operating-system: windows
            terraform-version: "0.13.7"
  release:
    name: Release
    if: ${{ github.ref_type == 'tag' && startsWith(github.ref_name, 'v') }}
    runs-on: ubuntu-latest
    steps:
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.2"
          bundler-cache: false
      - name: Download Ruby Gem Release Candidate
        uses: dawidd6/action-download-artifact@v2
        with:
          commit: ${{ github.sha }}
          event: push
          name: ruby-gem
          workflow_conclusion: success
      - name: Publish Ruby Gem Release Candidate
        env:
          GEM_HOST_API_KEY: ${{ secrets.GEM_HOST_API_KEY }}
        run: gem push kitchen-terraform.gem