name: java_pr

on:
  pull_request_target:
    types:
      - opened
      - synchronize
      - labeled

permissions:
  pull-requests: read

jobs:
  lint-java:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target runs the workflow in the context of the base repo
          # as such actions/checkout needs to be explicit configured to retrieve
          # code from the PR.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
          submodules: recursive
          persist-credentials: false
      - name: Lint java
        run: make lint-java

  unit-test-java:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    runs-on: ubuntu-latest
    needs: lint-java
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target runs the workflow in the context of the base repo
          # as such actions/checkout needs to be explicit configured to retrieve
          # code from the PR.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
          submodules: recursive
          persist-credentials: false
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: '11'
          java-package: jdk
          architecture: x64
      - uses: actions/cache@v2
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-it-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-it-maven-
      - uses: actions/cache@v2
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-ut-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-ut-maven-
      - name: Test java
        run: make test-java-with-coverage
      - uses: actions/upload-artifact@v4
        with:
          name: java-coverage-report
          path: ${{ github.workspace }}/docs/coverage/java/target/site/jacoco-aggregate/

  build-docker-image-java:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        component: [ feature-server-java ]
    env:
      MAVEN_CACHE: gs://feast-templocation-kf-feast/.m2.2020-08-19.tar
      REGISTRY: gcr.io/kf-feast
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: 'true'
          persist-credentials: false
      - name: Setup Python
        uses: actions/setup-python@v5
        id: setup-python
        with:
          python-version: "3.11"
          architecture: x64
      - name: Authenticate to Google Cloud
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GCP_SA_KEY }}'
      - name: Set up gcloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - run: gcloud auth configure-docker --quiet
      - name: Build image
        run: make build-${{ matrix.component }}-docker REGISTRY=${REGISTRY} VERSION=${GITHUB_SHA}

  integration-test-java-pr:
    # when using pull_request_target, all jobs MUST have this if check for 'ok-to-test' or 'approved' for security purposes.
    if:
      ((github.event.action == 'labeled' && (github.event.label.name == 'approved' || github.event.label.name == 'lgtm' || github.event.label.name == 'ok-to-test')) ||
      (github.event.action != 'labeled' && (contains(github.event.pull_request.labels.*.name, 'ok-to-test') || contains(github.event.pull_request.labels.*.name, 'approved') || contains(github.event.pull_request.labels.*.name, 'lgtm')))) &&
      github.repository == 'feast-dev/feast'
    runs-on: ubuntu-latest
    needs: unit-test-java
    env:
      PYTHON: 3.11
    steps:
      - uses: actions/checkout@v4
        with:
          # pull_request_target runs the workflow in the context of the base repo
          # as such actions/checkout needs to be explicit configured to retrieve
          # code from the PR.
          ref: refs/pull/${{ github.event.pull_request.number }}/merge
          submodules: recursive
          persist-credentials: false
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: '11'
          java-package: jdk
          architecture: x64
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          architecture: 'x64'
      - uses: actions/cache@v2
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-it-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-it-maven-
      - name: Authenticate to Google Cloud
        uses: 'google-github-actions/auth@v1'
        with:
          credentials_json: '${{ secrets.GCP_SA_KEY }}'
      - name: Set up gcloud SDK
        uses: google-github-actions/setup-gcloud@v1
        with:
          project_id: ${{ secrets.GCP_PROJECT_ID }}
      - name: Use gcloud CLI
        run: gcloud info
      - name: Set up AWS SDK
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-west-2
      - name: Use AWS CLI
        run: aws sts get-caller-identity
      - name: Setup Python (to call feast apply)
        uses: actions/setup-python@v5
        id: setup-python
        with:
          python-version: 3.11
          architecture: x64
      - name: Install uv
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
      - name: Get uv cache dir
        id: uv-cache
        run: |
          echo "::set-output name=dir::$(uv cache dir)"
      - name: uv cache
        uses: actions/cache@v4
        with:
          path: ${{ steps.uv-cache.outputs.dir }}
          key: ${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-uv-${{ hashFiles(format('**/py{0}-ci-requirements.txt', env.PYTHON)) }}
      - name: Install dependencies
        run: make install-python-dependencies-ci
      - name: Run integration tests
        run:  make test-java-integration
      - name: Save report
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: it-report
          path: spark/ingestion/target/test-reports/TestSuite.txt
          retention-days: 5