name: Export Center CI

on:
  push:
    branches: [ main ]
    paths:
      - 'src/ExportCenter/**'
      - 'ops/devops/export/**'
      - '.gitea/workflows/export-ci.yml'
      - 'docs/modules/devops/export-ci-contract.md'
  pull_request:
    branches: [ main, develop ]
    paths:
      - 'src/ExportCenter/**'
      - 'ops/devops/export/**'
      - '.gitea/workflows/export-ci.yml'
      - 'docs/modules/devops/export-ci-contract.md'

jobs:
  export-ci:
    runs-on: ubuntu-22.04
    env:
      DOTNET_VERSION: '10.0.100'
      MINIO_ACCESS_KEY: exportci
      MINIO_SECRET_KEY: exportci123
      BUCKET: export-ci
      ARTIFACT_DIR: ${{ github.workspace }}/.artifacts
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Task Pack offline bundle fixtures
        run: python3 scripts/packs/run-fixtures-check.sh
        with:
          fetch-depth: 0

      - name: Export OpenSSL 1.1 shim for Mongo2Go
        run: scripts/enable-openssl11-shim.sh

      - name: Set up .NET SDK
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}
          include-prerelease: true

      - name: Restore
        run: dotnet restore src/ExportCenter/StellaOps.ExportCenter.WebService/StellaOps.ExportCenter.WebService.csproj

      - name: Bring up MinIO
        run: |
          docker compose -f ops/devops/export/minio-compose.yml up -d
          sleep 5
          MINIO_ENDPOINT=http://localhost:9000 ops/devops/export/seed-minio.sh

      - name: Build
        run: dotnet build src/ExportCenter/StellaOps.ExportCenter.WebService/StellaOps.ExportCenter.WebService.csproj -c Release /p:ContinuousIntegrationBuild=true

      - name: Test
        run: |
          mkdir -p $ARTIFACT_DIR
          dotnet test src/ExportCenter/__Tests/StellaOps.ExportCenter.Tests/StellaOps.ExportCenter.Tests.csproj -c Release --logger "trx;LogFileName=export-tests.trx" --results-directory $ARTIFACT_DIR

      - name: Trivy/OCI smoke
        run: ops/devops/export/trivy-smoke.sh

      - name: Schema lint
        run: |
          python -m json.tool docs/modules/export-center/schemas/export-profile.schema.json >/dev/null
          python -m json.tool docs/modules/export-center/schemas/export-manifest.schema.json >/dev/null

      - name: Offline kit verify (fixtures)
        run: bash docs/modules/export-center/operations/verify-export-kit.sh src/ExportCenter/__fixtures/export-kit

      - name: SBOM
        run: syft dir:src/ExportCenter -o spdx-json=$ARTIFACT_DIR/exportcenter.spdx.json

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: export-ci-artifacts
          path: ${{ env.ARTIFACT_DIR }}

      - name: Teardown MinIO
        if: always()
        run: docker compose -f ops/devops/export/minio-compose.yml down -v