name: test code
on:
  push:
    branches:
      - main
  pull_request:
  workflow_dispatch:
jobs:
  golang:
    permissions:
      contents: read
      id-token: write
    strategy:
      matrix:
        go-version: [1.21.x]
        # temp disable windows tests see https://github.com/docker/image-signer-verifier/pull/154
        # os: [ubuntu-latest, macos-latest, windows-latest]
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}
    steps:
      - name: Set git to use LF
        run: git config --global core.autocrlf false
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
      - name: Login to Docker Hub
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: docker/login-action@v3
        with:
          username: dockerpublicbot
          password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
      - name: Authenticate to AWS
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 #v4.0.2
        with:
          aws-region: "us-east-1"
          role-to-assume: arn:aws:iam::175142243308:role/doi-github-actions-signing
      - name: auth-with-gcp
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: google-github-actions/auth@v2
        with:
          project_id: 'attest-kms-test'
          export_environment_variables: true
          workload_identity_provider: 'projects/385966116051/locations/global/workloadIdentityPools/attest-kms-test/providers/attest-kms-test'
          service_account: 'attest-kms-test@attest-kms-test.iam.gserviceaccount.com'
      - name: Setup Testcontainers Cloud Client
        uses: atomicjar/testcontainers-cloud-setup-action@v1
        with:
          token: ${{ secrets.TC_CLOUD_TOKEN }}
      - name: go test including e2e
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        run: go test -tags=e2e -v ./... -coverprofile=coverage.out -covermode=atomic
      - name: go test excluding e2e
        if: matrix.os == 'macos-latest' || github.actor == 'dependabot[bot]'
        run: go test -v ./...
      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && github.actor != 'dependabot[bot]'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: true
          token: ${{ secrets.CODECOV_TOKEN }}