enroll/.forgejo/workflows/ci.yml

name: CI

on:
  push:

jobs:
  test:
    runs-on: docker

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install system dependencies
        run: |
          mkdir -m 755 -p /etc/apt/keyrings
          curl -fsSL https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public | gpg --dearmor | tee /etc/apt/keyrings/salt-archive-keyring.pgp > /dev/null
          curl -fsSL https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources | tee /etc/apt/sources.list.d/salt.sources
          apt-get update
          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
            ansible ansible-lint python3-venv pipx systemctl python3-apt jq python3-jsonschema \
            puppet hiera \
            salt-master salt-minion salt-ssh salt-syndic salt-cloud salt-api

      - name: Install Poetry
        run: |
          pipx install poetry==1.8.3
          /root/.local/bin/poetry --version
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Install project deps (including test extras)
        run: |
          poetry install --with dev

      - name: Install sops
        run: |
          curl -L -o /usr/local/bin/sops https://github.com/getsops/sops/releases/download/v3.13.1/sops-v3.13.1.linux.amd64
          chmod +x /usr/local/bin/sops

      - name: Run test script
        run: |
          ./tests.sh

      # Notify if any previous step in this job failed
      - name: Notify on failure
        if: ${{ failure() }}
        env:
          WEBHOOK_URL: ${{ secrets.NODERED_WEBHOOK_URL }}
          REPOSITORY: ${{ forgejo.repository }}
          RUN_NUMBER: ${{ forgejo.run_number }}
          SERVER_URL: ${{ forgejo.server_url }}
        run: |
          curl -X POST \
               -H "Content-Type: application/json" \
               -d "{\"repository\":\"$REPOSITORY\",\"run_number\":\"$RUN_NUMBER\",\"status\":\"failure\",\"url\":\"$SERVER_URL/$REPOSITORY/actions/runs/$RUN_NUMBER\"}" \
               "$WEBHOOK_URL"