.github/workflows/ci.yml

name: CI

on:
  workflow_dispatch: {}
  push:
    branches:
      - main
    paths-ignore:
      - "Jenkinsfile"
      - ".git**"
  pull_request:

jobs:
  codeql-sast:
    name: CodeQL SAST scan
    uses: alphagov/govuk-infrastructure/.github/workflows/codeql-analysis.yml@main
    permissions:
      security-events: write

  dependency-review:
    name: Dependency Review scan
    uses: alphagov/govuk-infrastructure/.github/workflows/dependency-review.yml@main

  security-analysis:
    name: Security Analysis
    uses: alphagov/govuk-infrastructure/.github/workflows/brakeman.yml@main
    secrets: inherit
    permissions:
      contents: read
      security-events: write
      actions: read

  lint-ruby:
    name: Lint Ruby
    uses: alphagov/govuk-infrastructure/.github/workflows/rubocop.yml@main

  run-gds-api-adapters-pact-tests:
    name: Run GDS API Adapter Pact tests
    uses: ./.github/workflows/pact-verify.yml
    with:
      ref: ${{ github.ref }}

  test-ruby:
    name: Test Ruby
    runs-on: ubuntu-latest
    steps:
      - name: Setup Postgres
        id: setup-postgres
        uses: alphagov/govuk-infrastructure/.github/actions/setup-postgres@main

      - name: Setup Redis
        uses: alphagov/govuk-infrastructure/.github/actions/setup-redis@main

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Initialize database
        env:
          RAILS_ENV: test
          TEST_DATABASE_URL: ${{ steps.setup-postgres.outputs.db-url }}
        run: bundle exec rails db:setup

      - name: Run RSpec
        env:
          RAILS_ENV: test
          TEST_DATABASE_URL: ${{ steps.setup-postgres.outputs.db-url }}
        run: bundle exec rake spec

      # We upload the generated pact tests so they can be used in a later action
      - name: Create and upload pact test artifact
        uses: actions/upload-artifact@v4
        with:
          name: pacts
          path: spec/pacts/*.json

  check-schemas-build:
    name: Check content schemas are built
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Build content schemas
        run: bundle exec rake build_schemas

      - name: Check for uncommited changes
        run: |
          if git diff --exit-code; then
            echo "No uncommit changes detected."
          else
            echo "::error title=Uncommited changes to content schemas::If these are your changes, build the content schemas and commit the changes."
            exit 1
          fi

  run-content-store-pact-tests:
    name: Run Content Store Pact tests
    needs: test-ruby
    uses: alphagov/content-store/.github/workflows/verify-pact.yml@main
    with:
      ref: main
      pact_artifact: pacts

  publish-pacts:
    needs:
      - test-ruby
    if: ${{ github.ref == 'refs/heads/main' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - uses: actions/download-artifact@v4
        with:
          name: pacts
          path: tmp/pacts
      - run: bundle exec rake pact:publish
        env:
          PACT_CONSUMER_VERSION: branch-${{ github.ref_name }}
          PACT_BROKER_BASE_URL: https://govuk-pact-broker-6991351eca05.herokuapp.com
          PACT_BROKER_USERNAME: ${{ secrets.GOVUK_PACT_BROKER_USERNAME }}
          PACT_BROKER_PASSWORD: ${{ secrets.GOVUK_PACT_BROKER_PASSWORD }}
          PACT_PATTERN: tmp/pacts/*.json