.github/workflows/tests.yml

# Run secret-dependent integration tests only after /ok-to-test approval
on:
  repository_dispatch:
    types: [ok-to-test-command]
  pull_request:
name: tests

jobs:
  all-tests:
    env:
      TEST_SF_TF_TEST_OBJECT_SUFFIX: ${{ (github.event_name == 'repository_dispatch' && github.event.client_payload.pull_request.head.sha) || (github.event_name == 'pull_request' && github.event.pull_request.head.sha) }}
    name: all-tests
    runs-on: ubuntu-latest
    if: (github.event_name == 'repository_dispatch') || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
    steps:
      - id: verify_sha_input
        if: github.event_name == 'repository_dispatch'
        run: |
          echo \"${{ github.event.client_payload.pull_request.head.sha }}\"
          echo \"${{ github.event.client_payload.slash_command.args.named.sha }}\"
          SHAINPUT=$(echo ${{github.event.client_payload.slash_command.args.named.sha}} | cut -c1-7)
          if [ ${#SHAINPUT} -le 6 ]; then echo "error::input sha not at least 7 characters long" ; exit 1
          else echo "done"
          fi
          SHAHEAD=$(echo ${{github.event.client_payload.pull_request.head.sha}} | cut -c1-7)
          echo ${#SHAINPUT}
          echo ${#SHAHEAD}
          if [ "${SHAHEAD}" != "${SHAINPUT}" ]; then echo "sha input from slash command does not equal the head sha" ; exit 1
          else echo "shas are equal"
          fi

      - uses: actions/checkout@v3

      - uses: actions/setup-go@v4
        with:
          go-version-file: ./go.mod
          cache: false

      - name: Apply masking
        run: |
          while IFS= read -r line || [[ -n $line ]]; do
            echo "::add-mask::$line"
          done < <(printf '%s' "$SF_TF_GH_MASKING")
        env:
          SF_TF_GH_MASKING: ${{ secrets.SF_TF_GH_MASKING }}

      - name: Install dependencies
        run: make dev-setup

      - name: Create and populate .snowflake/config file
        id: create_config
        run: mkdir -p $HOME/.snowflake && echo "${{ secrets.SNOWFLAKE_CONFIG_FILE }}" > $HOME/.snowflake/config

      - name: Create and populate .snowflake/config_v097_compatible file
        id: create_config_v097_compatible
        run: mkdir -p $HOME/.snowflake && echo "${{ secrets.SNOWFLAKE_CONFIG_FILE_V097_COMPATIBLE }}" > $HOME/.snowflake/config_v097_compatible

      - run: make test
        if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
        env:
          SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
          TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}
          TEST_SF_TF_AWS_EXTERNAL_KEY_ID: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_KEY_ID }}
          TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN }}
          TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY }}
          TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL }}
          TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN }}
          TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID }}
          TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL }}

      - name: Setup Terraform
        if: ${{ !cancelled() && steps.create_config.conclusion == 'success' }}
        uses: hashicorp/setup-terraform@v3
        id: setup_terraform
        with:
          terraform_version: 1.7.4
          terraform_wrapper: false

      - run: make test-acceptance
        if: ${{ !cancelled() && steps.setup_terraform.conclusion == 'success' }}
        env:
          SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT: ${{ secrets.SNOWFLAKE_BUSINESS_CRITICAL_ACCOUNT }}
          TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_BUCKET_URL }}
          TEST_SF_TF_AWS_EXTERNAL_KEY_ID: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_KEY_ID }}
          TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_ROLE_ARN }}
          TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY: ${{ secrets.TEST_SF_TF_AWS_EXTERNAL_SECRET_KEY }}
          TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_BUCKET_URL }}
          TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_SAS_TOKEN }}
          TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID: ${{ secrets.TEST_SF_TF_AZURE_EXTERNAL_TENANT_ID }}
          TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL: ${{ secrets.TEST_SF_TF_GCS_EXTERNAL_BUCKET_URL }}

      - name: sweepers cleanup
        if: ${{ always() }}
        run: echo y | make sweep

      - name: find comment
        if: ${{ always() }}
        uses: peter-evans/find-comment@v2
        id: fc
        with:
          issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
          comment-author: 'github-actions[bot]'
          body-includes: Integration tests ran for

      - name: create or update comment
        if: ${{ always() }}
        uses: peter-evans/create-or-update-comment@v2
        with:
          issue-number: ${{ github.event.pull_request.number || github.event.client_payload.pull_request.number }}
          comment-id: ${{ steps.fc.outputs.comment-id }}
          body: |
            Integration tests ${{ job.status }} for [${{ github.event.client_payload.slash_command.args.named.sha || github.event.pull_request.head.sha }}](https://github.com/Snowflake-Labs/terraform-provider-snowflake/actions/runs/${{ github.run_id }})

      - name: set fork job status
        uses: actions/github-script@v6
        if: ${{ always() }}
        id: update_check_run
        env:
          number: ${{ github.event.client_payload.pull_request.number }}
          job: ${{ github.job }}
          # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run
          conclusion: ${{ job.status }}
          sha: ${{ github.event.client_payload.slash_command.args.named.sha }}
          event_name: ${{ github.event_name }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            if (process.env.event_name !== 'repository_dispatch') {
              console.log("Not repository_dispatch... nothing to do!");
              return process.env.event_name;
            }
            const ref = process.env.sha;
            const { data: checks } = await github.rest.checks.listForRef({
              ...context.repo,
              ref
            });
            const check = checks.check_runs.filter(c => c.name === process.env.job);
            console.log(check);
            const { data: result } = await github.rest.checks.update({
              ...context.repo,
              check_run_id: check[0].id,
              status: 'completed',
              conclusion: process.env.conclusion
            });
            return result;