.github/workflows/gluwa.yml

---
name: gluwa

# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events but only for the master branch
  push:
    branches: [master, pos-keep-history-*]
  pull_request:

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

permissions: read-all

env:
  RUNNER_VM_NAME: "github-runner-$GITHUB_RUN_ID-attempt-$GITHUB_RUN_ATTEMPT"
  RESOURCE_GROUP: "github-runner-$GITHUB_RUN_ID-attempt-$GITHUB_RUN_ATTEMPT"
  AZ_LOCATION: "westus3"

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  deploy-github-runner:
    runs-on: ubuntu-latest
    outputs:
      runner_vm_name: ${{ steps.get-env.outputs.runner_vm_name }}
      resource_group: ${{ steps.get-env.outputs.resource_group }}

    steps:
      - uses: actions/checkout@v3

      - name: Install azure-cli
        run: |
          sudo apt remove azure-cli -y && sudo apt autoremove -y
          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
          sudo apt install -y jq
          az version

      - name: Authorize hosted-runner
        run: |
          mkdir -p ~/.ssh/
          ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa
          cat ~/.ssh/id_rsa.pub >> .github/authorized_keys

      - name: Evaluate env vars
        id: get-env
        run: |
          # WARNING: using env.RUNNER_VM_NAME directly in job outputs above
          # doesn't evaluate the $GITHUB_RUN_ID reference
          echo "runner_vm_name=${{ env.RUNNER_VM_NAME }}" >> "$GITHUB_OUTPUT"
          echo "resource_group=${{ env.RESOURCE_GROUP }}" >> "$GITHUB_OUTPUT"

      - name: Provision VM
        if: env.LC_GITHUB_REPO_ADMIN_TOKEN
        run: |
          echo "INFO: From ENVs: RUNNER_VM_NAME=${{ env.RUNNER_VM_NAME }}"
          echo "INFO: From Step: RUNNER_VM_NAME=${{ steps.get-env.outputs.runner_vm_name }}"

          az login --service-principal --username "${{ secrets.AZURE_APP_ID }}" --password "${{ secrets.AZURE_APP_PASSWORD }}" --tenant "${{ secrets.AZURE_TENANT_ID }}"
          az account set --subscription "Playground Subscription"
          ## az account set -s "${{ secrets.AZURE_SUBSCRIPTION_ID }}"


          # create resource group
          echo "INFO: ${{ steps.get-env.outputs.resource_group }}"
          az group create -n "${{ steps.get-env.outputs.resource_group }}" --location "${{ env.AZ_LOCATION }}"

          # RG Creditcoin-Test is in WestUS and the CPU quota is already full
          # that's why specify a different region here
          az deployment group create -g "${{ steps.get-env.outputs.resource_group }}" -f .github/runner.bicep \
              --parameters location="${{ env.AZ_LOCATION }}" \
              --parameters vmName="${{ steps.get-env.outputs.runner_vm_name }}" \
              --parameters adminPasswordOrKey="$(cat .github/authorized_keys)" > output.json

          # provision the GitHub Runner binary on the VM
          # passing additional ENV values
          SSH_USER_AT_HOSTNAME=$(jq -r '.properties.outputs.sshUserAtHostname.value' < output.json)
          echo "INFO: $SSH_USER_AT_HOSTNAME"

          export LC_RUNNER_VM_NAME="${{ env.RUNNER_VM_NAME }}"
          until ssh -i ~/.ssh/id_rsa \
              -o SendEnv=LC_GITHUB_REPO_ADMIN_TOKEN,LC_RUNNER_VM_NAME \
              -o StrictHostKeyChecking=no "$SSH_USER_AT_HOSTNAME" < ./.github/provision-github-runner.sh; do
            echo "DEBUG: retrying ssh connection ..."
            sleep 30
          done
        env:
          LC_GITHUB_REPO_ADMIN_TOKEN: ${{ secrets.GH_REPO_ADMIN_TOKEN }}
          LC_RUNNER_EPHEMERAL: false

  cargo-check:
    needs:
      - deploy-github-runner
    runs-on:
      [self-hosted, "${{ needs.deploy-github-runner.outputs.runner_vm_name }}"]

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      - name: Set-Up
        run: |
          sudo apt-get update
          sudo apt install -y cmake pkg-config libssl-dev clang libclang-dev llvm protobuf-compiler

      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: nightly-2023-04-16
          target: wasm32-unknown-unknown
          profile: minimal
          override: true
      - uses: Swatinem/rust-cache@v2

      - name: Check Build
        run: |
          cargo check --release

  cargo-test:
    needs:
      - deploy-github-runner
    runs-on:
      [self-hosted, "${{ needs.deploy-github-runner.outputs.runner_vm_name }}"]

    steps:
      - uses: actions/checkout@v3

      - name: Set-Up
        run: |
          sudo apt-get update
          sudo apt install -y cmake pkg-config libssl-dev clang libclang-dev llvm protobuf-compiler

      - name: Install Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: nightly-2023-04-16
          target: wasm32-unknown-unknown
          profile: minimal
          override: true
      - uses: Swatinem/rust-cache@v2

      - name: Run tests
        uses: actions-rs/cargo@v1
        with:
          command: test
          args: --features runtime-benchmarks

  remove-github-runner:
    runs-on: ubuntu-latest
    needs:
      - deploy-github-runner
      - cargo-check
      - cargo-test
    if: ${{ always() && needs.deploy-github-runner.result != 'skipped' }}

    steps:
      - uses: actions/checkout@v3

      - name: Evaluate env vars
        id: get-env
        run: |
          # WARNING: using env.RUNNER_VM_NAME directly in job outputs above
          # doesn't evaluate the $GITHUB_RUN_ID reference
          echo "resource_group=${{ env.RESOURCE_GROUP }}" >> "$GITHUB_OUTPUT"

      - name: Install azure-cli
        run: |
          sudo apt remove azure-cli -y && sudo apt autoremove -y
          curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
          az version

      - name: Remove VM
        run: |
          echo "INFO: RUNNER_VM_NAME=${{ env.RUNNER_VM_NAME }}"

          az login --service-principal --username "${{ secrets.AZURE_APP_ID }}" --password "${{ secrets.AZURE_APP_PASSWORD }}" --tenant "${{ secrets.AZURE_TENANT_ID }}"
          az account set --subscription "Playground Subscription"
          az group delete --yes -n "${{ steps.get-env.outputs.resource_group }}"

      - name: Upload logs
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: "Azure resources"
          path: azure_resource_list.json