.github/workflows/tests.yml

# SPDX-FileCopyrightText: 2023 MTRNord
#
# SPDX-License-Identifier: CC0-1.0

on: [push, pull_request]

name: Continuous integration

permissions:
  contents: read

jobs:
  check:
    name: Check
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
        with:
          egress-policy: block
          allowed-endpoints: >
            artifactcache.actions.githubusercontent.com:443
            frsnacprodeus2file1.blob.core.windows.net:443
            github.com:443
            api.github.com:443
            gitlab.com:443
            crates.io:443
            index.crates.io:443
            static.crates.io:443
            static.rust-lang.org:443

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
        with:
          profile: minimal
          toolchain: nightly
          override: true
      - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
      - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
        with:
          command: check

  test-pg:
    continue-on-error: true
    name: Coverage Postgres
    runs-on: ubuntu-latest
    container:
      image: rust:latest
      options: --user root
    # Service containers to run with `runner-job`
    services:
      # Label used to access the service container
      postgres:
        # Docker Hub image
        image: postgres
        # Provide the password for postgres
        env:
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: erooster
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Maps tcp port 5432 on service container to the host
          - 5432:5432
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - name: Install Rust
        run: rustup toolchain install nightly --component llvm-tools-preview
      - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
      - name: Install opendkim
        run: apt update && apt install -y opendkim-tools
      - name: Generate dkim-key
        run: |
          mkdir -p /etc/erooster/keys
          cd /etc/erooster/keys
          opendkim-genkey --domain=example.com  --subdomains --testmode
      - name: Setup Config
        run: |
          mkdir -p /etc/erooster/tasks
          echo 'task_folder: "/etc/erooster/tasks"' > /etc/erooster/config.yml
          echo 'tls:' >> /etc/erooster/config.yml
          echo '  key_path: ""' >> /etc/erooster/config.yml
          echo '  cert_path: ""' >> /etc/erooster/config.yml
          echo 'mail:' >> /etc/erooster/config.yml
          echo '  maildir_folders: "./maildir"' >> /etc/erooster/config.yml
          echo '  hostname: "localhost"' >> /etc/erooster/config.yml
          echo '  displayname: Erooster' >> /etc/erooster/config.yml
          echo '  dkim_key_path: /etc/erooster/keys/default.private' >> /etc/erooster/config.yml
          echo '  dkim_key_selector: default' >> /etc/erooster/config.yml
          echo 'database:' >> /etc/erooster/config.yml
          echo '  url: "postgres://postgres:postgres@postgres/erooster"' >> /etc/erooster/config.yml
          echo 'webserver:' >> /etc/erooster/config.yml
          echo '  port: 80' >> /etc/erooster/config.yml
          echo '  tls: false' >> /etc/erooster/config.yml
      - name: Install cargo-llvm-cov
        uses: taiki-e/install-action@cargo-llvm-cov
      - name: Generate code coverage
        run: |
          cargo +nightly llvm-cov --no-report --workspace
          cargo +nightly llvm-cov --no-report --features "jaeger" --workspace
          cargo +nightly llvm-cov report --html
        env:
          RUST_BACKTRACE: "1"
      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
        with:
          name: coverage-report
          path: target/llvm-cov/html/
      - name: Generate code coverage for codecov
        run: |
          cargo +nightly llvm-cov --no-report --workspace
          cargo +nightly llvm-cov --no-report --features "jaeger" --workspace
          cargo +nightly llvm-cov report --lcov --output-path lcov.info
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: lcov.info
          fail_ci_if_error: false

  test-sqlite:
    name: Coverage Sqlite
    runs-on: ubuntu-latest
    container:
      image: rust:latest
      options: --user root
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
        with:
          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - name: Install Rust
        run: rustup toolchain install nightly --component llvm-tools-preview
      - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
      - name: Install opendkim and sqlite
        run: apt update && apt install -y opendkim-tools sqlite3
      - name: Generate dkim-key
        run: |
          mkdir -p /etc/erooster/keys
          cd /etc/erooster/keys
          opendkim-genkey --domain=example.com  --subdomains --testmode
      - name: Setup Config
        run: |
          mkdir -p /etc/erooster/tasks
          echo 'task_folder: "/etc/erooster/tasks"' > /etc/erooster/config.yml
          echo 'tls:' >> /etc/erooster/config.yml
          echo '  key_path: ""' >> /etc/erooster/config.yml
          echo '  cert_path: ""' >> /etc/erooster/config.yml
          echo 'mail:' >> /etc/erooster/config.yml
          echo '  maildir_folders: "./maildir"' >> /etc/erooster/config.yml
          echo '  hostname: "localhost"' >> /etc/erooster/config.yml
          echo '  displayname: Erooster' >> /etc/erooster/config.yml
          echo '  dkim_key_path: /etc/erooster/keys/default.private' >> /etc/erooster/config.yml
          echo '  dkim_key_selector: default' >> /etc/erooster/config.yml
          echo 'database:' >> /etc/erooster/config.yml
          echo '  url: "sqlite://:memory:' >> /etc/erooster/config.yml
          echo 'webserver:' >> /etc/erooster/config.yml
          echo '  port: 80' >> /etc/erooster/config.yml
          echo '  tls: false' >> /etc/erooster/config.yml
      - name: Install cargo-llvm-cov
        uses: taiki-e/install-action@cargo-llvm-cov
      - name: Generate code coverage
        run: |
          cargo +nightly llvm-cov --no-report --workspace --features sqlite --no-default-features 
          cargo +nightly llvm-cov --no-report --features "jaeger" --workspace --features sqlite --no-default-features 
          cargo +nightly llvm-cov report --html
        env:
          RUST_BACKTRACE: "1"
      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
        with:
          name: coverage-report
          path: target/llvm-cov/html/
      - name: Generate code coverage for codecov
        run: |
          cargo +nightly llvm-cov --no-report --workspace --features sqlite --no-default-features 
          cargo +nightly llvm-cov --no-report --features "jaeger" --workspace --features sqlite --no-default-features 
          cargo +nightly llvm-cov report --lcov --output-path lcov.info
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: lcov.info
          fail_ci_if_error: false

  fmt:
    name: Rustfmt
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
        with:
          egress-policy: block
          allowed-endpoints: >
            artifactcache.actions.githubusercontent.com:443
            frsnacprodeus2file1.blob.core.windows.net:443
            github.com:443
            static.rust-lang.org:443
            api.github.com:443
            gitlab.com:443
            crates.io:443
            index.crates.io:443
            static.crates.io:443

      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
      - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af
        with:
          profile: minimal
          toolchain: nightly
          override: true
      - run: rustup component add rustfmt
      - uses: Swatinem/rust-cache@81d053bdb0871dcd3f10763c8cc60d0adc41762b
      - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505
        with:
          command: fmt
          args: --all -- --check