docker-compose/.github/workflows/ci.yml

name: ci

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
  workflow_dispatch:
    inputs:
      debug_enabled:
        description: 'To run with tmate enter "debug_enabled"'
        required: false
        default: "false"

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  prepare:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.platforms.outputs.matrix }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Create matrix
        id: platforms
        run: |
          echo matrix=$(docker buildx bake binary-cross --print | jq -cr '.target."binary-cross".platforms') >> $GITHUB_OUTPUT
      -
        name: Show matrix
        run: |
          echo ${{ steps.platforms.outputs.matrix }}

  validate:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        target:
          - lint
          - validate-go-mod
          - validate-headers
          - validate-docs
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Run
        run: |
          make ${{ matrix.target }}

  binary:
    runs-on: ubuntu-latest
    needs:
      - prepare
    strategy:
      fail-fast: false
      matrix:
        platform: ${{ fromJson(needs.prepare.outputs.matrix) }}
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Prepare
        run: |
          platform=${MATRIX_PLATFORM}
          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
        env:
          MATRIX_PLATFORM: ${{ matrix.platform }}
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Build
        uses: docker/bake-action@v6
        with:
          source: .
          targets: release
          provenance: mode=max
          sbom: true
          set: |
            *.platform=${{ matrix.platform }}
            *.cache-from=type=gha,scope=binary-${{ env.PLATFORM_PAIR }}
            *.cache-to=type=gha,scope=binary-${{ env.PLATFORM_PAIR }},mode=max
      -
        name: Rename provenance and sbom
        working-directory: ./bin/release
        run: |
          binname=$(find . -name 'docker-compose-*')
          filename=$(basename "$binname" | sed -E 's/\.exe$//')
          mv "provenance.json" "${filename}.provenance.json"
          mv "sbom-binary.spdx.json" "${filename}.sbom.json"
          find . -name 'sbom*.json' -exec rm {} \;
      -
        name: List artifacts
        run: |
          tree -nh ./bin/release
      -
        name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: compose-${{ env.PLATFORM_PAIR }}
          path: ./bin/release
          if-no-files-found: error

  test:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Test
        uses: docker/bake-action@v6
        with:
          targets: test
          set: |
            *.cache-from=type=gha,scope=test
            *.cache-to=type=gha,scope=test
      -
        name: Gather coverage data
        uses: actions/upload-artifact@v4
        with:
          name: coverage-data-unit
          path: bin/coverage/unit/
          if-no-files-found: error
      - 
        name: Unit Test Summary
        uses: test-summary/action@v2
        with:
          paths: bin/coverage/unit/report.xml       
        if: always()
  e2e:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        mode:
          - plugin
          - standalone
        engine:
          - 26
          - 27
          - 28
    steps:
      - name: Prepare
        run: |
          mode=${{ matrix.mode }}
          engine=${{ matrix.engine }}
          echo "MODE_ENGINE_PAIR=${mode}-${engine}" >> $GITHUB_ENV

      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Docker ${{ matrix.engine }}
        run: |
          sudo systemctl stop docker.service
          sudo apt-get purge docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin
          sudo apt-get install curl
          curl -fsSL https://test.docker.com -o get-docker.sh
          sudo sh ./get-docker.sh --version ${{ matrix.engine }}

      - name: Check Docker Version
        run: docker --version

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up Docker Model
        run: |
          sudo apt-get install docker-model-plugin
          docker model version

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          check-latest: true
          cache: true

      - name: Build example provider
        run: make example-provider

      - name: Build
        uses: docker/bake-action@v6
        with:
          source: .
          targets: binary-with-coverage
          set: |
            *.cache-from=type=gha,scope=binary-linux-amd64
            *.cache-from=type=gha,scope=binary-e2e-${{ matrix.mode }}
            *.cache-to=type=gha,scope=binary-e2e-${{ matrix.mode }},mode=max
        env:
          BUILD_TAGS: e2e

      - name: Setup tmate session
        if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }}
        uses: mxschmitt/action-tmate@8b4e4ac71822ed7e0ad5fb3d1c33483e9e8fb270 # v3.11
        with:
          limit-access-to-actor: true
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Test plugin mode
        if: ${{ matrix.mode == 'plugin' }}
        run: |
          rm -rf ./bin/coverage/e2e
          mkdir -p ./bin/coverage/e2e
          make e2e-compose GOCOVERDIR=bin/coverage/e2e TEST_FLAGS="-v"

      - name: Gather coverage data
        if: ${{ matrix.mode == 'plugin' }}
        uses: actions/upload-artifact@v4
        with:
          name: coverage-data-e2e-${{ env.MODE_ENGINE_PAIR }}
          path: bin/coverage/e2e/
          if-no-files-found: error

      - name: Test standalone mode
        if: ${{ matrix.mode == 'standalone' }}
        run: |
          rm -f /usr/local/bin/docker-compose
          cp bin/build/docker-compose /usr/local/bin
          make e2e-compose-standalone

      - name: e2e Test Summary
        uses: test-summary/action@v2
        with:
          paths: /tmp/report/report.xml       
        if: always()
  coverage:
    runs-on: ubuntu-latest
    needs:
      - test
      - e2e
    steps:
      # codecov won't process the report without the source code available
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          check-latest: true
      - name: Download unit test coverage
        uses: actions/download-artifact@v4
        with:
          name: coverage-data-unit
          path: coverage/unit
          merge-multiple: true
      - name: Download E2E test coverage
        uses: actions/download-artifact@v4
        with:
          pattern: coverage-data-e2e-*
          path: coverage/e2e
          merge-multiple: true
      - name: Merge coverage reports
        run: |
          go tool covdata textfmt -i=./coverage/unit,./coverage/e2e -o ./coverage.txt
      - name: Store coverage report in GitHub Actions
        uses: actions/upload-artifact@v4
        with:
          name: go-covdata-txt
          path: ./coverage.txt
          if-no-files-found: error
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          files: ./coverage.txt

  release:
    permissions:
      contents: write # to create a release (ncipollo/release-action)

    runs-on: ubuntu-latest
    needs:
      - binary
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Download artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: compose-*
          path: ./bin/release
          merge-multiple: true
      -
        name: Create checksums
        working-directory: ./bin/release
        run: |
          find . -type f -print0 | sort -z | xargs -r0 shasum -a 256 -b | sed 's# \*\./# *#' > $RUNNER_TEMP/checksums.txt
          shasum -a 256 -U -c $RUNNER_TEMP/checksums.txt
          mv $RUNNER_TEMP/checksums.txt .
          cat checksums.txt | while read sum file; do
            if [[ "${file#\*}" == docker-compose-* && "${file#\*}" != *.provenance.json && "${file#\*}" != *.sbom.json ]]; then
              echo "$sum $file" > ${file#\*}.sha256
            fi
          done
      -
        name: List artifacts
        run: |
          tree -nh ./bin/release
      -
        name: Check artifacts
        run: |
          find bin/release -type f -exec file -e ascii -- {} +
      -
        name: GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37 # v1.10.0
        with:
          artifacts: ./bin/release/*
          generateReleaseNotes: true
          draft: true
          token: ${{ secrets.GITHUB_TOKEN }}