.github/workflows/main.yml

name: build-container
on:
  push:
    branches:
      - '**'
    tags:
      - 'v*'
jobs:
  test:
    runs-on: ubuntu-24.04
    services:
      postgres:
        image: postgres:15
        env:
          POSTGRES_DB: sidecar
          POSTGRES_USER: sidecar
          POSTGRES_PASSWORD: sidecar
        ports:
          - 5432:5432
        # Add health check to ensure postgres is ready before running tests
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install dependencies
        run: make deps
      - name: Run tests
        env: # Pass the database connection details to the tests
          SIDECAR_DATABASE_HOST: localhost
          SIDECAR_DATABASE_PORT: 5432
          SIDECAR_DATABASE_USER: sidecar
          SIDECAR_DATABASE_PASSWORD: sidecar
        run: make ci-test
  lint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Run linter
        run: |
          make deps
          go env GOPATH
          export PATH=$PATH:$(go env GOPATH)/bin
          echo $PATH
          make lint
  build-container:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set release version
        env:
          REF: ${{ github.ref }}
        run: |
          if [[ $REF == refs/tags/* ]]; then
            echo -n "${REF#refs/tags/}" > .release_version
          else
            v=$(git rev-parse --short HEAD) && echo -n $v > .release_version
          fi
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr-public
        uses: aws-actions/amazon-ecr-login@v2
        with:
          registry-type: public
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build, tag, and push docker image to Amazon ECR
        env:
          REGISTRY: "public.ecr.aws/z6g0f8n7"
          REPOSITORY: ${{ github.event.repository.name }}
        run: |
          VERSION=$(cat .release_version)
          if [[ $GITHUB_REF == refs/heads/master || $GITHUB_REF == refs/tags/* ]]; then
            docker buildx build --platform "linux/amd64,linux/arm64" -t $REGISTRY/$REPOSITORY:$VERSION -t $REGISTRY/$REPOSITORY:latest --push .
          else
            docker buildx build --platform "linux/amd64" -t $REGISTRY/$REPOSITORY:$VERSION --push .
          fi
  build-create-release:
    runs-on: ubuntu-latest
    if: startsWith(github.ref, 'refs/tags/')
    needs: [build-container, lint, test]
    permissions: write-all
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set release version
        env:
          REF: ${{ github.ref }}
        run: |
          if [[ $REF == refs/tags/* ]]; then
            echo -n "${REF#refs/tags/}" > .release_version
          else
            v=$(git rev-parse --short HEAD) && echo -n $v > .release_version
          fi
      - name: Build binary
        run: |
          VERSION=$(cat .release_version)
          echo "Building binary for version $VERSION"
          make release
          ./scripts/bundleReleases.sh $VERSION
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: false
          prerelease: false
      - name: Upload Release Asset
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_BUCKET_NAME: ${{ vars.RELEASE_BUCKET_NAME }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          REF: ${{ github.ref }}
        run: |
          set -x
          ls -al ./release
          
          echo "Upload URL: ${{ steps.create_release.outputs.upload_url }}"
          export upload_url=$(echo "${{ steps.create_release.outputs.upload_url }}" | sed -e "s/{?name,label}//")
          
          for asset_name in $(ls ./release | grep '.tar');
          do
            asset="./release/${asset_name}"
            echo "Uploading ${asset_name}..."
            curl --fail \
              -H "Authorization: token $GITHUB_TOKEN" \
              -H "Content-Type: $(file -b --mime-type "$asset")" \
              --data-binary @"$asset" \
              "${upload_url}?name=$asset_name"
          done
  release-helm-chart:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master'
    needs: [lint, test]
    permissions: write-all
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Release Helm Chart
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          ./scripts/releaseChart.sh