.github/workflows/pull_request.yml

name: Build-Push-Deploy (Staging)

on:
  pull_request:

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      tags: ${{ steps.save_tags.outputs.tags }}
    steps:
      - name: checkout
        uses: actions/checkout@v3

      - name: source .env file
        run: |
          cat ./actions.env >> $GITHUB_ENV

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      
      - name: Login to Docker Registory (JFrog Artifactory)
        uses: docker/login-action@v2
        with:
          registry: ${{ env.JFROG_URL }}
          username: ${{ secrets.JFROG_USER_NAME }}
          password: ${{ secrets.JFROG_API_KEY }}

      - name: Build and export to local Docker engine
        uses: docker/build-push-action@v3
        with:
          push: false
          load: true
          tags: ${{ github.run_id }}
          target: test
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64

        # for simple tests (npm test, etc.) just run a local image in docker
      - name: Unit Testing in Docker
        run: |
          docker run --rm ${{ github.run_id }} echo "run test commands here"

      - uses: jfrog/setup-jfrog-cli@v2
      - name: Xray scan
        run: |
          # init connection
          jf config add jfrog-demo \
            --url="https://${{ env.JFROG_URL }}" \
            --user="${{ secrets.JFROG_USER_NAME }}" \
            --password="${{ secrets.JFROG_API_KEY }}"

          # Xray scan
          jf docker scan ${{ github.run_id }}

      - name: Set Docker meta
        id: docker_meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.DOCKER_IMAGE_NAME }}
          flavor: |
            latest=false
          tags: |
            type=ref,event=pr

      - name: Save tags
        id: save_tags
        run: |
          echo "::set-output name=tags::${{ steps.docker_meta.outputs.tags }}"
      
      - name: Docker build
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ env.JFROG_URL }}/${{ env.JFROG_REPO_STAGING }}/${{ steps.docker_meta.outputs.tags }}
          labels: ${{ steps.docker_meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64,linux/arm/v7

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v3

      - name: source .env file
        run: |
          cat ./actions.env >> $GITHUB_ENV

      - name: Generate job file from template
        run: |
          TEMPLATE="./nomad/jobs/staging-template.nomad"
          sed -i -e "s/####JOB_IDENTIFIER_PLACEHOLDER####/staging-${{github.event.number}}/g" ${TEMPLATE}
          cat ${TEMPLATE}
      
      - name: Deploy job
        run: |
          # install Nomad
          NOMAD_DL_URL=$(curl -s https://api.releases.hashicorp.com/v1/releases/nomad/latest | jq -r '.builds[] | select((.arch=="amd64") and (.os=="linux")).url')
          ZIP_NAME="nomad_linux_amd64.zip"
          mkdir -p ${HOME}/.local/bin
          curl -sL -o ${ZIP_NAME} ${NOMAD_DL_URL}
          unzip -qq ${ZIP_NAME} -d ${HOME}/.local/bin
          echo "${HOME}/.local/bin" >> $GITHUB_PATH
          
          # deploy Nomad job
          export NOMAD_ADDR=${{ secrets.NOMAD_ADDR }}
          export NOMAD_TOKEN=${{ secrets.NOMAD_TOKEN }}

          nomad job run -detach \
            -var="git_hash=${GITHUB_SHA}" \
            -var="jfrog_user_name=${{ secrets.JFROG_USER_NAME }}" \
            -var="jfrog_api_key=${{ secrets.JFROG_API_KEY }}" \
            -var="docker_image_path=${{ env.JFROG_URL }}/${{ env.JFROG_REPO_STAGING }}/${{ needs.build.outputs.tags }}" \
            ./nomad/jobs/staging-template.nomad