.github/workflows/build.yml

name: Nextflow CI
# read more here: https://help.github.com/en/articles/workflow-syntax-for-github-actions#on

# Note: We don't use the `on: path` option for docs,
# because the Build steps are *required* tests.
# Instead, we trigger + skip the tests if the only changes
# are in the docs folder. GitHub treats this as passing.

on:
  push:
    branches:
      - 'master'
      - 'test*'
      - 'dev*'
      - 'STABLE-*'
  pull_request:
    types: [opened, reopened, synchronize]
  workflow_dispatch:

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 90
    strategy:
      fail-fast: false
      matrix:
        java_version: [17, 23]

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: Get the commit message
        id: get_commit_message
        run: |
            if [ "${{ github.event_name }}" = "pull_request" ]; then
                echo "GitHub event=pull_request"
                COMMIT_SHA=${{ github.event.pull_request.head.sha }}
                COMMIT_MESSAGE=$(curl -s \
                  -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
                  https://api.github.com/repos/${{ github.repository }}/commits/$COMMIT_SHA | jq -r '.commit.message')
                echo "Commit message=$COMMIT_MESSAGE" | head -n 1
                echo "commit_message=$COMMIT_MESSAGE" | head -n 1 >> $GITHUB_OUTPUT
            else
               echo "GitHub event=${{ github.event_name }}"
               echo "Commit message=${{ github.event.head_commit.message }}" | head -n 1
               echo "commit_message=${{ github.event.head_commit.message }}" | head -n 1 >> $GITHUB_OUTPUT
            fi 

      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v43
        with:
          files_ignore: docs/**

      - name: List all changed files
        env:
            ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
        run: |
            for file in ${ALL_CHANGED_FILES}; do
                echo "$file was changed"
            done

      - name: Setup env
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
             rm -f $HOME/.gitconfig;
             mkdir -p "$HOME/.nextflow";
             echo "providers.github.auth='$NXF_GITHUB_ACCESS_TOKEN'" > "$HOME/.nextflow/scm"
        env:
          NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }}

      - name: Setup Java ${{ matrix.java_version }}
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: actions/setup-java@v4
        with:
          java-version: ${{matrix.java_version}}
          distribution: 'temurin'
          architecture: x64
          cache: gradle

      - name: Compile
        if: steps.changed-files.outputs.any_changed == 'true'
        run: make assemble

      - name: Test
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            env | sort
            # configure test env
            if [[ "$GOOGLE_SECRET" ]]; then
            echo $GOOGLE_SECRET | base64 -d > $PWD/google_credentials.json
            export GOOGLE_APPLICATION_CREDENTIALS=$PWD/google_credentials.json
            fi
            # run tests
            make test
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          NXF_BITBUCKET_ACCESS_TOKEN: ${{ secrets.NXF_BITBUCKET_ACCESS_TOKEN }}
          NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }}
          NXF_GITLAB_ACCESS_TOKEN: ${{ secrets.NXF_GITLAB_ACCESS_TOKEN }}
          NXF_AZURE_REPOS_TOKEN: ${{ secrets.NXF_AZURE_REPOS_TOKEN }}
          GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }}
          AZURE_STORAGE_ACCOUNT_NAME: nfazurestore
          AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
          AZURE_BATCH_ACCOUNT_NAME: nfbatchtest
          AZURE_BATCH_ACCOUNT_KEY: ${{ secrets.AZURE_BATCH_ACCOUNT_KEY }}

      - name: Publish tests report
        uses: actions/upload-artifact@v4
        if: steps.changed-files.outputs.any_changed == 'true' && always()
        with:
          name: report-unit-tests-jdk-${{ matrix.java_version }}
          path: |
            **/build/reports/tests/test

    outputs:
      any_changed: ${{ steps.changed-files.outputs.any_changed }}
      commit_message: ${{ steps.get_commit_message.outputs.commit_message }}

  test:
    if: ${{ !contains(needs.build.outputs.commit_message, '[ci fast]') && needs.build.outputs.any_changed == 'true' }}
    needs: build
    runs-on: ubuntu-latest
    timeout-minutes: 90
    strategy:
      fail-fast: false
      matrix:
        java_version: [17, 23]
        test_mode: ["test_integration", "test_docs", "test_aws", "test_azure", "test_google", "test_wave"]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: Setup env
        run: |
          rm -f $HOME/.gitconfig;
          mkdir -p "$HOME/.nextflow";
          echo "providers.github.auth='$NXF_GITHUB_ACCESS_TOKEN'" > "$HOME/.nextflow/scm"
        env:
          NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }}

      - name: Setup Java ${{ matrix.java_version }}
        uses: actions/setup-java@v4
        with:
          java-version: ${{matrix.java_version}}
          distribution: 'temurin'
          architecture: x64
          cache: gradle

      - name: Run tests
        run: |
          env | sort
          # configure test env
          if [[ "$GOOGLE_SECRET" ]]; then
          echo $GOOGLE_SECRET | base64 -d > $PWD/google_credentials.json
          export GOOGLE_APPLICATION_CREDENTIALS=$PWD/google_credentials.json
          fi
          cat $HOME/.nextflow/scm
          make clean assemble install
          bash test-ci.sh
        env:
          TEST_JDK: ${{ matrix.java_version }}
          TEST_MODE: ${{ matrix.test_mode }}
          GRADLE_OPTS: '-Dorg.gradle.daemon=false'
          TOWER_ACCESS_TOKEN: ${{ secrets.TOWER_ACCESS_TOKEN }}
          AWS_DEFAULT_REGION: eu-west-1
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          NXF_BITBUCKET_ACCESS_TOKEN: ${{ secrets.NXF_BITBUCKET_ACCESS_TOKEN }}
          NXF_GITHUB_ACCESS_TOKEN: ${{ secrets.NXF_GITHUB_ACCESS_TOKEN }}
          NXF_GITLAB_ACCESS_TOKEN: ${{ secrets.NXF_GITLAB_ACCESS_TOKEN }}
          NXF_AZURE_REPOS_TOKEN: ${{ secrets.NXF_AZURE_REPOS_TOKEN }}
          GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }}
          AZURE_STORAGE_ACCOUNT_NAME: nfazurestore
          AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
          AZURE_BATCH_ACCOUNT_NAME: nfbatchtest
          AZURE_BATCH_ACCOUNT_KEY: ${{ secrets.AZURE_BATCH_ACCOUNT_KEY }}

      - name: Tar integration tests
        if: always()
        run: tar -cvf integration-tests.tar tests/checks

      - name: Publish tests report
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: report-${{ matrix.test_mode }}-jdk-${{ matrix.java_version }}
          path: |
            validation/**/*
            validation/**/.*
            integration-tests.tar

  test-e2e:
      if: ${{ contains(needs.build.outputs.commit_message,'[e2e stage]') || contains(needs.build.outputs.commit_message,'[e2e prod]') }}
      needs: build
      runs-on: ubuntu-latest
      timeout-minutes: 10
      permissions:
          actions: write  # Allow writing to actions
          contents: write # Allow writing to repository contents
      steps:
          - name: Checkout
            uses: actions/checkout@v4
            with:
                fetch-depth: 1
                submodules: true
                
          - name: Setup Java 17
            uses: actions/setup-java@v4
            with:
                java-version: 17
                distribution: 'temurin'
                architecture: x64
                cache: gradle

          - name: Setup env
            run: |
                wget -q -O wave https://github.com/seqeralabs/wave-cli/releases/download/v1.4.1/wave-1.4.1-linux-x86_64
                chmod +x wave
                mv wave /usr/local/bin/
                echo "COMMIT_MESSAGE=\"${{ needs.build.outputs.commit_message }}\"" >> $GITHUB_ENV

          - name : Docker Login to Seqera public CR
            uses : docker/login-action@v3
            with :
                registry : "public.cr.seqera.io"
                username : "public-cr-admin"
                password : ${{ secrets.SEQERA_PUBLIC_CR_PASSWORD }}

          - name: Launch tests
            run: |
                cd test-e2e
                bash run.sh
            env:
                GITHUB_TOKEN: ${{ secrets.AUTOMATION_GITHUB_TOKEN }}
                GRADLE_OPTS: '-Dorg.gradle.daemon=false'

  # --------------------------------------------------
  # job: release
  # --------------------------------------------------
  release:
    name: Release
    if: ${{ contains(needs.build.outputs.commit_message,'[release]') }}
    runs-on: ubuntu-latest
    needs: build
    permissions:
        contents: write
    timeout-minutes: 10
    steps:
      # setup steps
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          java-version: 17
          distribution: 'temurin'
          architecture: x64

      - name: Setup AWS
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-1
          aws-access-key-id: ${{ secrets.AWS_DEPLOY_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_DEPLOY_SECRET_ACCESS_KEY }}

      - name: Login to Docker hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_ID }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      - name: Login to Seqera registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.SEQERA_PUBLIC_CR_URL }}
          username: ${{ secrets.SEQERA_PUBLIC_CR_USER }}
          password: ${{ secrets.SEQERA_PUBLIC_CR_PASSWORD }}

      # release step
      - name: Release
        run: bash release/main.sh
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DEPLOY_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DEPLOY_SECRET_ACCESS_KEY }}
          GH_ORG: ${{ vars.PLUGINS_GITHUB_ORG }}
          GH_USER: ${{ vars.DEPLOY_GITHUB_USER }}
          GH_USER_EMAIL: ${{ vars.DEPLOY_GITHUB_EMAIL }}
          GH_TOKEN: ${{ secrets.DEPLOY_GITHUB_TOKEN }}
          MAVEN_PUBLISH_URL: ${{ vars.MAVEN_PLUGINS_PUBLISH_URL }}
          PLUGINS_INDEX_JSON: ${{ vars.PLUGINS_INDEX_JSON }}
          S3_RELEASE_BUCKET: ${{ vars.S3_RELEASE_BUCKET }}
          SEQERA_CONTAINER_REGISTRY: ${{ vars.SEQERA_PUBLIC_CR_URL }}

      # upload steps
      - name: Upload artifacts (libs)
        uses: actions/upload-artifact@v4
        with:
          retention-days: 3
          name: libs
          path: modules/*/build/libs/

      - name: Upload artifacts (distribution)
        uses: actions/upload-artifact@v4
        with:
          retention-days: 3
          name: distribution
          path: build/releases/

      - name: Upload artifacts (plugins)
        uses: actions/upload-artifact@v4
        with:
          retention-days: 3
          compression-level: 0
          name: plugins
          path: |
            plugins/build/libs/
            plugins/*/build/libs/