.github/workflows/tests_and_publish.yml

name: "Test and Publish"

on:
  push:
    branches: 
      - master
      - develop
    paths-ignore:
      - "docs/**"
      - CHANGELOG.md
      - README.md
      - CONTRIBUTING.md
  pull_request:
    branches:
      - master
      - develop
    paths-ignore:
      - "docs/**"
      - CHANGELOG.md
      - README.md
      - CONTRIBUTING.md
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  repository_dispatch:
    types: [ok-to-test-command]
jobs:
  unit_tests:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [ '3.8', '3.9', '3.10', '3.11']

    steps:
    - uses: actions/checkout@v4
    
    - name: Setup python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}

    - name: Setup poetry
      run: |
        python -V
        python -m pip install poetry
   
    - name: Check pre-commit status
      run: |
        poetry install -v
        poetry run pre-commit run --all-files

    - name: Test with tox
      run: |
        pip install tox-pip-version tox-gh-actions "tox<4.0.0"
        tox -v

    - name: Store coverage reports
      uses: actions/upload-artifact@v4
      with:
        name: coverage-${{ matrix.python-version }}
        path: coverage.xml
        if-no-files-found: error

  sonarcloud_trusted_branch:
    if: (github.event_name != 'repository_dispatch' && (github.event.pull_request.head.repo.full_name == github.repository || github.event.pull_request == null))  &&  (github.actor != 'dependabot[bot]')
    runs-on: ubuntu-latest
    needs: unit_tests
    steps:

    - uses: actions/checkout@v4
      with:
        fetch-depth: 0

    - name: Run sonarcloud scan
      uses: ./.github/actions/sonarcloud
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        sonarcloud_token: ${{ secrets.SONARCLOUD_TOKEN }}
        project_base_dir: ${{ github.workspace }}

  sonarcloud_forked_branch:
    if: |
      github.event_name == 'repository_dispatch' &&
      github.event.client_payload.slash_command.args.named.sha != '' &&
      contains(
        github.event.client_payload.pull_request.head.sha,
        github.event.client_payload.slash_command.args.named.sha
      ) &&
      (github.actor != 'dependabot[bot]')
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
      checks: write
    needs: unit_tests
    steps:

      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'

      - name: Run sonarcloud scan
        uses: ./.github/actions/sonarcloud
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          sonarcloud_token: ${{ secrets.SONARCLOUD_TOKEN }}
          project_base_dir: ${{ github.workspace }}

      - name: Update check status
        uses: ./.github/actions/update_check_run
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          pull_request_number: ${{ github.event.client_payload.pull_request.number }}
          job: ${{ github.job }}
          conclusion: ${{ job.status }}


  codeql:
    if: (github.actor != 'dependabot[bot]')
    runs-on: ubuntu-latest
    needs: unit_tests
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: python

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3

  ### PROJECT SPECIFIC CONFIGURATION HERE

  e2e_tests_trusted_branch:
    if: (github.event_name != 'repository_dispatch' && (github.event.pull_request.head.repo.full_name == github.repository || github.event.pull_request == null) || ( ! failure() && ! cancelled() && github.actor == 'dependabot[bot]'))
    needs: [unit_tests, sonarcloud_trusted_branch]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        e2e_config: ["e2e", "e2e_pipeline_data_passing"]
    steps:
      - name: "Checkout repository"
        uses: actions/checkout@v4

      - name: Run E2E tests
        uses: ./.github/actions/e2e_test
        with:
          e2e_config: ${{ matrix.e2e_config }}
          registry_login_server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
          azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
          azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          azure_storage_account_key: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
          azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

  e2e_tests_forked_branch:
    if: |
      github.event_name == 'repository_dispatch' &&
      github.event.client_payload.slash_command.args.named.sha != '' &&
      contains(
        github.event.client_payload.pull_request.head.sha,
        github.event.client_payload.slash_command.args.named.sha
      ) ||
      ( ! failure() && ! cancelled() && github.actor == 'dependabot[bot]')
    needs: [unit_tests, sonarcloud_forked_branch]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        e2e_config: ["e2e", "e2e_pipeline_data_passing"]
    steps:
      - name: Run E2E tests
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'

      - name: Run E2E tests
        uses: ./.github/actions/e2e_test
        with:
          e2e_config: ${{ matrix.e2e_config }}
          registry_login_server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
          azure_client_id: ${{ secrets.AZURE_CLIENT_ID }}
          azure_client_secret: ${{ secrets.AZURE_CLIENT_SECRET }}
          azure_storage_account_key: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}
          azure_tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          azure_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Update check status
        uses: ./.github/actions/update_check_run
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          pull_request_number: ${{ github.event.client_payload.pull_request.number }}
          job: ${{ github.job }}
          conclusion: ${{ job.status }}

  publish:
    # only run on push to master
    if: github.event.pull_request == null && github.ref == 'refs/heads/master'
    needs: [e2e_tests_trusted_branch, codeql]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: [ 3.8 ]
    env:
      PYTHON_PACKAGE: kedro_azureml
    steps:
      - name: Checkout the repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # necessary to enable merging, all the history is needed
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Build package dist from source # A better way will be : https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ but pep 517 is still marked as experimental
        run: |
          pip install poetry
          poetry build
      - name: Merge back to develop  # we have to set the config first on a fresh machine
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
          git checkout -B develop --track origin/develop
          git merge master
          git push
      - name: Set dynamically package version as output variable # see https://github.com/actions/create-release/issues/39
        # see https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
        id: set_package_version
        run: |
          echo "::set-output name=PACKAGE_VERSION::$(cat $PYTHON_PACKAGE/__init__.py | grep -Po  '\d+\.\d+\.\d+')"
      - name: Create temporary file with the body content for the release
        run: |
          grep -Poz "## \[${{steps.set_package_version.outputs.PACKAGE_VERSION}}] - \d{4}-\d{2}-\d{2}[\S\s]+?(?=## \[\d+\.\d+\.\d+\]|\[.+\]:)" CHANGELOG.md > release_body.md
      - name: Create Release # https://github.com/actions/create-release
        id: create_release
        uses: actions/create-release@v1.1.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
        with:
          tag_name: ${{ steps.set_package_version.outputs.PACKAGE_VERSION }}
          release_name: Release ${{ steps.set_package_version.outputs.PACKAGE_VERSION }}
          body_path: ./release_body.md
          draft: false
          prerelease: false
      - name: Rollback Release in case of run failure
        if: failure() && steps.create_release.outputs.id != ''
        uses: author/action-rollback@stable
        with:
          # Using a known release ID
          release_id: ${{ steps.create_release.outputs.id }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish distribution to PyPI  # official action from python maintainers
        uses: pypa/gh-action-pypi-publish@master
        with:
          user: __token__
          password: ${{ secrets.PYPI_PASSWORD }}
          verbose: true  # trace if the upload fails