firezone/.github/workflows/ci.yml

name: CI
on:
  - push
defaults:
  run:
    shell: bash

jobs:
  unit-integration-test:
    runs-on: ubuntu-20.04
    env:
      MIX_ENV: test
      POSTGRES_HOST: localhost
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    services:
      postgres:
        image: postgres:13
        ports:
          - 5432:5432
        env:
          POSTGRES_USER: fireguard
          POSTGRES_PASSWORD: postgres
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v2
      - name: Install Runtimes
        run: |
          wget -O erlang.deb https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_23.1-1~ubuntu~focal_amd64.deb
          wget -O elixir.deb https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.11.2-1~ubuntu~focal_all.deb
          sudo dpkg -i erlang.deb
          sudo dpkg -i elixir.deb
      - name: Install Dependencies
        run: mix deps.get --only test
      - name: Setup Database
        run: |
          mix ecto.create
          mix ecto.migrate
      - name: Run Tests and Upload Coverage Report
        run: mix coveralls.github --umbrella

  build:
    needs: unit-integration-test
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v2
      - name: Install runtimes
        run: |
          curl -sL https://deb.nodesource.com/setup_10.x | bash -
          sudo apt install nodejs
          wget -O erlang.deb https://packages.erlang-solutions.com/erlang/debian/pool/esl-erlang_23.1-1~ubuntu~focal_amd64.deb
          wget -O elixir.deb https://packages.erlang-solutions.com/erlang/debian/pool/elixir_1.11.2-1~ubuntu~focal_all.deb
          sudo dpkg -i erlang.deb
          sudo dpkg -i elixir.deb
      - name: Build release
        run: |
          scripts/build_prod_release.sh
          scripts/build_fireguard_deb.sh
      - name: Rename Built Artifacts
        run: |
          filename="fireguard_${{ github.sha }}-1_amd64.deb"
          cp fireguard_amd64.deb ./${filename}
      - uses: actions/upload-artifact@v2
        with:
          name: fireguard-deb
          path: "fireguard*.deb"

  functional-test:
    needs: build
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/download-artifact@v2
        with:
          name: fireguard-deb
      - name: Test Install package
        env:
          DEBIAN_FRONTEND: noninteractive
        run: |
          sudo apt-get update
          sudo apt-get install -y postgresql \
            wireguard iptables net-tools curl ca-certificates
          sudo systemctl start postgresql
          sudo dpkg -i fireguard*.deb

          # Wait for app to start
          sleep 10

          echo "Setting NO_PROXY env var"
          export NO_PROXY=$(hostname)

          echo "Checking FireGuard service status"
          sudo systemctl status fireguard

          echo "Checking FireGuard logs..."
          sudo journalctl -u fireguard.service -b

          echo "Checking if FireGuard service is active"
          sudo systemctl is-active fireguard

          echo "Trying to load homepage..."
          curl -i -vvv -k https://localhost:8800/ || true

          echo "Checking logs again..."
          sudo journalctl -u fireguard.service -b

          echo "Attempting openssl s_client to a known server"
          openssl s_client -connect google.com:443 -servername google.com -showcerts -prexit -debug

          echo "Connecting to FireGuard with openssl"
          openssl s_client -connect localhost:8800 -servername $(hostname) -showcerts -prexit -debug

  publish:
    needs: build
    runs-on: ubuntu-20.04
    if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
    steps:
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          draft: false
          prerelease: true
      - uses: actions/download-artifact@v2
        with:
          name: fireguard-deb
      - name: Upload Release Asset
        id: upload-release-asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./fireguard_${{ github.sha }}-1_amd64.deb
          asset_name: fireguard_amd64.deb
          asset_content_type: application/vnd.debian.binary-package