.github/workflows/cd.yml

name: CD
on:
  release:
    types: [created]

jobs:
  release:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - id: strip-tag
        uses: yuya-takeyama/docker-tag-from-github-ref-action@v1
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2
        with:
          python-version: '3.10'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements_dev.txt

      - name: Run unit tests
        run: pytest tests/terraform_compliance

      - name: Version Imprintment
        run: |
          echo "Released version is ${{ steps.strip-tag.outputs.tag }}"
          cat terraform_compliance/__init__.py | sed s/{{VERSION}}/${{ steps.strip-tag.outputs.tag }}/g  > terraform_compliance/__init__.py.templated
          cat terraform_compliance/__init__.py.templated
          cp terraform_compliance/__init__.py.templated terraform_compliance/__init__.py
          echo "export RELEASE_VERSION=$(cat terraform_compliance/__init__.py | grep __version__ | cut -d "'" -f2)" > reqs.sh
          source reqs.sh
          if [[ "${{ steps.strip-tag.outputs.tag }}" != "$RELEASE_VERSION" ]]; then echo "Released version (${{ steps.strip-tag.outputs.tag }}) does not match with RELEASE_VERSION ($RELEASE_VERSION)"; exit 1; fi
          python setup.py install_egg_info

      - name: Build
        run: |
          python setup.py sdist bdist_wheel && \
          ls -al dist/* && \
          pip install --force-reinstall dist/terraform_compliance-${{ steps.strip-tag.outputs.tag }}-*.whl

      - name: Integration Tests
        run: |
          python tests/functional/run_functional_tests.py

      - name: Publish to PyPI
        env:
          TWINE_USERNAME: ${{ secrets.PYPI_API_USER }}
          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
        run: twine upload --skip-existing dist/*

      - name: Publish to Docker Hub
        env:
          IMAGE_NAME: 'eerkunt/terraform-compliance'
          DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }}
          DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
        run : |
          sleep 120
          echo "Getting the latest terraform version from Hashicorp"
          echo "export LATEST_TERRAFORM_VERSION=$(curl https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r .current_version)" > terraform_version.sh
          source terraform_version.sh
          if [ -z "$LATEST_TERRAFORM_VERSION" ]; then echo "Can not identify latest terraform version!"; travis_terminate 1; fi
          docker build --compress --no-cache -t "$IMAGE_NAME" \
                       --build-arg VERSION=${{ steps.strip-tag.outputs.tag }} \
                       --build-arg LATEST_TERRAFORM_VERSION=$LATEST_TERRAFORM_VERSION \
                       --build-arg HASHICORP_PGP_KEY="$(cat hashicorp-pgp-key.pub)" .
          docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_PASSWORD"
          docker tag "$IMAGE_NAME" $IMAGE_NAME:latest
          docker tag "$IMAGE_NAME" "$IMAGE_NAME":"${{ steps.strip-tag.outputs.tag }}"
          docker push "$IMAGE_NAME":latest
          docker push "$IMAGE_NAME":"${{ steps.strip-tag.outputs.tag }}"