name: CI

on:
  pull_request:
    branches:
      - production
  push:
    branches:
      - production
  workflow_dispatch:

env:
  php_version: '7.4'

jobs:
  install:
    runs-on: ubuntu-latest
    name: Test Drupal site installation
    steps:
      - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Cache dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: |
            ~/.composer/cache/files
            web/core
            web/modules/contrib
            web/themes/contrib
            vendor
          key: dependencies-composer-${{ hashFiles('composer.lock') }}

      - name: Setup PHP
        uses: shivammathur/setup-php@5d27b8f90ea9479ac7af4fcaad6b411eb19d7170
        with:
          php-version: ${{ env.php_version }}
          extensions: mbstring
          coverage: none

      - run: |
          composer validate
          composer install --prefer-dist --no-interaction --no-suggest

      - name: Install Drupal
        run: >
          bin/drush --root=$(pwd)/web
          site:install -y
          --existing-config
          --db-url=sqlite://sites/default/files/.ht.sqlite

      - run: php -S localhost:8000 -t web 2>&1 &

      - name: Test loading the home page
        run: curl http://localhost:8000

      - name: Verify the home page has the site name in it
        run: curl -s http://localhost:8000 | grep "Oliver Davies"

  theme:
    name: Build the theme assets
    runs-on: ubuntu-latest
    strategy:
      matrix:
        theme-path:
          - web/themes/custom/opdavies
    steps:
      - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Setup node and npm
        uses: actions/setup-node@56899e050abffc08c2b3b61f3ec6a79a9dc3223d
        with:
          node-version: 12

      - name: Cache npm dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: node_modules
          key: dependencies-npm-${{ hashFiles('package-lock.json') }}

      - name: Build the production theme assets
        run: |
          cd ${{ matrix.theme-path }}
          npm clean-install
          npm run production

  phpunit:
    runs-on: ubuntu-latest
    name: "Run ${{ matrix.test-types }} tests"
    strategy:
      matrix:
        test-types:
          - functional
          - kernel
          - unit
    steps:
      - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Cache dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: |
            ~/.composer/cache/files
            web/core
            web/modules/constrib
            web/themes/contrib
            vendor
          key: dependencies-composer-${{ hashFiles('composer.lock') }}

      - name: Setup PHP
        uses: shivammathur/setup-php@5d27b8f90ea9479ac7af4fcaad6b411eb19d7170
        with:
          php-version: ${{ env.php_version }}
          extensions: mbstring
          coverage: none

      - run: composer install --prefer-dist --no-interaction --no-suggest

      - run: php -S localhost:8000 -t web 2>&1 &
        if: matrix.test-types == 'functional'

      - run: bin/phpunit --testdox --colors=always --testsuite=${{ matrix.test-types }}
        env:
          SIMPLETEST_BASE_URL: http://localhost:8000

  phpcs:
    runs-on: ubuntu-latest
    name: "Run coding standards checks"
    steps:
      - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Cache dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: |
            ~/.composer/cache/files
            web/core
            web/modules/constrib
            web/themes/contrib
            vendor
          key: dependencies-composer-${{ hashFiles('composer.lock') }}

      - name: Setup PHP
        uses: shivammathur/setup-php@5d27b8f90ea9479ac7af4fcaad6b411eb19d7170
        with:
          php-version: ${{ env.php_version }}

      - run: composer install --prefer-dist --no-interaction --no-suggest

      - run: bin/phpcs -s --warning-severity=6

  phpstan:
    runs-on: ubuntu-latest
    name: Static analysis with PHPStan
    steps:
      - uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Cache dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: |
            ~/.composer/cache/files
            web/core
            web/modules/constrib
            web/themes/contrib
            vendor
          key: dependencies-composer-${{ hashFiles('composer.lock') }}

      - name: Setup PHP
        uses: shivammathur/setup-php@5d27b8f90ea9479ac7af4fcaad6b411eb19d7170
        with:
          php-version: ${{ env.php_version }}

      - run: composer install --prefer-dist --no-interaction --no-suggest

      - run: bin/phpstan analyze

  deploy:
    name: Deploy via Ansible
    runs-on: ubuntu-latest
    needs:
      - install
      - phpcs
      - phpstan
      - phpunit
      - theme
    if: github.event_name == 'push'
    env:
      ANSIBLE_FORCE_COLOR: 1
      ANSIBLE_HOST_KEY_CHECKING: no
    steps:
      - name: Checkout the code
        uses: actions/checkout@a81bbbf8298c0fa03ea29cdc473d45769f953675

      - name: Add the deployment SSH key
        uses: shimataro/ssh-key-action@6f350ca8484d8d55c2e361e74d17e638dabe713a # 2.1.0
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          name: id_rsa
          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}

      - name: Cache dependencies
        uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340
        with:
          path: tools/deployment/.roles
          key: dependencies-composer-${{ hashFiles('tools/deployment/requirements.yml') }}

      - name: Download Ansible roles
        run: ansible-galaxy install -r tools/deployment/requirements.yml

      - name: Export the Ansible Vault password
        run: echo $ANSIBLE_VAULT_PASS > tools/deployment/.vault-pass.txt
        env:
          ANSIBLE_VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASS }}

      - name: Deploy the code
        run: >
          ansible-playbook tools/deployment/deploy.yml
          -i tools/deployment/hosts.yml
          -e "ansistrano_deploy_branch=$GITHUB_SHA"
          --vault-password-file=tools/deployment/.vault-pass.txt

      - name: Remove the Ansible Vault password file
        run: rm tools/deployment/.vault-pass.txt