---
name: QA - Web Release

on:
  workflow_dispatch:
    inputs:
      image_extension:
        description: "Image tag extension"
        required: false
      azure_publish:
        description: 'Release to Azure'
        required: false
        default: true
        type: boolean
      cloudflare_publish:
        description: 'Release to Cloudflare'
        required: false
        default: true
        type: boolean

env:
  _QA_CLUSTER_RESOURCE_GROUP: "bw-env-qa"
  _QA_CLUSTER_NAME: "bw-aks-qa"
  _QA_K8S_NAMESPACE: "bw-qa"
  _QA_K8S_APP_NAME: "bw-web"

jobs:
  deploy:
    name: Deploy QA Web
    if: inputs.azure_publish
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout Repo
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2

      - name: Setup
        run: export PATH=$PATH:~/work/web/web

      - name: Login to Azure
        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
        with:
          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}

      - name: Retrieve secrets
        id: retrieve-secrets
        env:
          KEYVAULT: bitwarden-qa-kv
          SECRETS: "qa-aks-kubectl-credentials"
        run: |
          for i in ${SECRETS//,/ }
          do
            VALUE=$(az keyvault secret show --vault-name $KEYVAULT --name $i --query value --output tsv)
            echo "::add-mask::$VALUE"
            echo "::set-output name=$i::$VALUE"
          done

      - name: Login with qa-aks-kubectl-credentials SP
        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2  # v1.4.6
        with:
          creds: ${{ steps.retrieve-secrets.outputs.qa-aks-kubectl-credentials }}

      - name: Setup AKS access
        run: |
          echo "---az install---"
          az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
          echo "---az get-creds---"
          az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP

      - name: Get image tag
        id: image_tag
        run: |
          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
          TAG_EXTENSION=${{ github.event.inputs.image_extension }}

          if [[ $TAG_EXTENSION ]]; then
            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
          fi
          echo "::set-output name=value::$IMAGE_TAG"

      - name: Deploy Web image
        env:
          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
        run: |
          kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
          kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web
          kubectl rollout status deployment/web -n $_QA_K8S_NAMESPACE

  cfpages-deploy:
    name: Deploy Web Vault to QA CloudFlare Pages branch
    runs-on: ubuntu-20.04
    if: inputs.cloudflare_publish
    steps:
      - name: Create GitHub deployment
        uses: chrnorm/deployment-action@1b599fe41a0ef1f95191e7f2eec4743f2d7dfc48
        id: deployment
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          initial-status: 'in_progress'
          environment-url: http://vault.qa.bitwarden.pw
          environment: 'Web Vault - QA'
          description: 'Deployment from branch ${{ github.ref_name }}'

      - name: Update deployment status to In Progress
        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: http://vault.qa.bitwarden.pw
          state: 'in_progress'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Checkout Repo
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2

      - name: Download latest cloud asset
        uses: bitwarden/gh-actions/download-artifacts@850faad0cf6c02a8c0dc46eddde2363fbd6c373a
        with:
          workflow: build-web.yml
          path: apps/web
          workflow_conclusion: success
          branch: ${{ github.ref_name }}
          artifacts: web-*-cloud-QA.zip

      # This should result in a build directory in the current working directory
      - name: Unzip build asset
        working-directory: apps/web
        run: unzip web-*-cloud-QA.zip

      - name: Checkout Repo
        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
        with:
          ref: cf-pages-qa
          path: deployment

      - name: Setup git config
        run: |
          git config --global user.name "GitHub Action Bot"
          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
          git config --global url."https://".insteadOf ssh://

      - name: Deploy CloudFlare Pages
        run: |
          rm -rf ./*
          cp -R ../apps/web/build/* .
        working-directory: deployment

      - name: Push new ver to cf-pages-qa
        run: |
          if [ -n "$(git status --porcelain)" ]; then
            git add .
            git commit -m "Deploy ${{ github.ref_name }} to QA Cloudflare pages"
            git push -u origin cf-pages-qa
          else
            echo "No changes to commit!";
          fi
        working-directory: deployment

      - name: Update deployment status to Success
        if: ${{ success() }}
        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: http://vault.qa.bitwarden.pw
          state: 'success'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Update deployment status to Failure
        if: ${{ failure() }}
        uses: chrnorm/deployment-status@07b3930847f65e71c9c6802ff5a402f6dfb46b86
        with:
          token: '${{ secrets.GITHUB_TOKEN }}'
          environment-url: http://vault.qa.bitwarden.pw
          state: 'failure'
          deployment-id: ${{ steps.deployment.outputs.deployment_id }}