.github/workflows/gcp-terraform-integration-tests.yml

name: GCP Discovery Plugin Tests

on:
  workflow_dispatch:
  pull_request_target:
    types:
      - labeled
    branches:
      - "master"
      - "*.z"
    paths:
      - "hazelcast/src/main/java/com/hazelcast/gcp/**"
      - ".github/terraform/gcp/**"

jobs:
  build:
    name: GCP Tests
    defaults:
      run:
        shell: bash
    runs-on: ubuntu-latest
    if: >-
      github.repository_owner == 'hazelcast' && 
      ( github.event_name == 'workflow_dispatch' || 
        (github.event_name == 'pull_request_target' && 
          github.event.action == 'labeled' && 
          github.event.label.name == 'run-discovery-tests' 
        )
      )
    env:
      AWS_REGION: us-east-1
    steps:
      - name: Decide which ref to checkout
        id: decide-ref
        run: |
          if [[ "${{github.event_name}}" == "pull_request_target" ]]; then
            echo "ref=refs/pull/${{ github.event.pull_request.number }}/merge" >> $GITHUB_OUTPUT
          else
            echo "ref=${{github.ref}}" >> $GITHUB_OUTPUT
          fi

      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{steps.decide-ref.outputs.ref}}

      - name: Read Java Config
        run: cat ${{ github.workspace }}/.github/java-config.env >> $GITHUB_ENV

      - name: Setup JDK
        uses: actions/setup-java@v4
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          architecture: x64
          cache: "maven"

      - name: Build hazelcast jar
        run: |
          ./mvnw -T 4 -B -V -e clean package --activate-profiles quick
          echo "Hazelcast jar is: " hazelcast/target/hazelcast-*-SNAPSHOT.jar
          cp hazelcast/target/hazelcast-*-SNAPSHOT.jar ~/hazelcast.jar

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4.0.2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Get Secrets
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          secret-ids: |
            GKE_SA_KEY,CN/GKE_SA_KEY

      - name: Authenticate to GCP
        uses: "google-github-actions/auth@v2.1.6"
        with:
          credentials_json: ${{ env.GKE_SA_KEY }}

      - name: Create GCP credentials file
        run: |
          touch ~/gcp_key_file.json
          echo $GKE_SA_KEY > ~/gcp_key_file.json

      - name: Set-up Terraform
        uses: hashicorp/setup-terraform@v3.1.2

      - name: Terraform Init
        working-directory: .github/terraform/gcp
        run: terraform init

      - name: Terraform Apply
        working-directory: .github/terraform/gcp
        run: |
          project_id=$(echo $GKE_SA_KEY | grep -Po '"project_id":\s"\K[-a-zA-Z0-9]+')
          terraform apply \
            -var="hazelcast_mancenter_version=latest-snapshot" \
            -var="hazelcast_path=~/hazelcast.jar" \
            -var="gcp_key_file=~/gcp_key_file.json" \
            -var="project_id=${project_id}" \
            -auto-approve

      - name: Terraform Destroy
        if: ${{ always() }}
        working-directory: .github/terraform/gcp
        run: |
          terraform destroy \
            -auto-approve \
            -var="gcp_key_file=~/gcp_key_file.json"