.github/workflows/deploy-docker.yml

---
# This is a basic workflow to help you get started with Actions

name: "deploy-docker"

# Controls when the action will run.
on:
  # Triggers the workflow on push or pull request events
  push:
  pull_request:

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  deploy_docker:
    # The type of runner that the job will run on
    runs-on: "ubuntu-24.04"

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Checkout $GITHUB_WORKSPACE
        uses: actions/checkout@v4

      - name: Update and install stuff
        run: |
          sudo rm -f /opt/pipx_bin/ansible*
          sudo apt -q update
          sudo apt -y install ansible bridge-utils apparmor-utils wget \
                              python3-pip python3-setuptools python3-wheel \
                              python3-venv yamllint python3-jinja2 python3-yaml \
                              python3-selenium python3-requests python3-bs4
          sudo pip3 install --break-system-packages webdriver-manager
          git clone https://github.com/dw/mitogen.git ~/mitogen
          wget --quiet https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
          sudo apt install ./google-chrome-stable_current_amd64.deb

      - name: Fix docker crap
        run: |
          cat docker/hosts | sudo tee -a /etc/hosts
          #sudo docker system prune -f
          sudo systemctl stop docker
          sudo mv /var/lib/docker /var/lib/docker.old  # faster than removing
          sudo mkdir -p /mnt/docker
          sudo ln -s /mnt/docker /var/lib
          sudo systemctl start docker

      # See https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
      - name: Setup cache
        id: cache-docker
        uses: actions/cache@v4
        with:
          path: ~/docker-save
          key: docker-save-${{ github.run_id }}
          restore-keys: docker-save-

      # Useful for debugging
      - name: Show versions
        run: |
          python3 --version
          ansible --version

      # apparmor is by default enabled for binaries _in_ the containers and is restricting
      # mysql from reading tls keys
      - name: Disable apparmor
        run: |
          sudo aa-status --json | jq '
            .profiles | to_entries
            | map( select( (.key | startswith("/") ) and .value=="enforce") | .key )
            | .[]
          ' | grep -vE 'totem|pidgin|passt' | \
          while read -r profile; do
            sudo aa-complain "$profile" || true
          done

      # Install Ansible modules
      - name: Install Ansible modules
        run: |
          ansible-galaxy role install -r requirements.yml
          ansible-galaxy collection install -r requirements.yml

      # Restore docker cache
      - name: Restore docker cache
        run: docker load -i ~/docker-save/scz-base-cache.tar || true

      # Get scz-base-cache ImageID
      - name: Get scz-base-cache ImageID
        id: scz-base-cache-id
        run: >
          ID=$(docker image list scz-base-cache -q)
          echo "ID=$ID" >> $GITHUB_OUTPUT

      # Start containers without deploy
      - name: Start containers
        shell: bash
        env:
          SKIP_ANSIBLE: 1
        run: "./start-vm --container"

      # Get scz-base ImageID
      - name: Get scz-base ImageID
        id: scz-base-id
        run: >
          ID=$(docker image list scz-base -q) &&
          echo "ID=$ID" >> $GITHUB_OUTPUT

      # Save newly created containers to docker cache
      - name: Save docker cache
        run: >
          mkdir -p ~/docker-save &&
          docker tag scz-base scz-base-cache &&
          docker save scz-base-cache -o ~/docker-save/scz-base-cache.tar &&
          ls -lh ~/docker-save || true
        if: steps.scz-base-cache-id.outputs.ID != steps.scz-base-id.outputs.ID

      # Deploy components
      - name: Run start-vm
        shell: bash
        run: "./start-vm --container"

      # Deploy components again for idempotency
      - name: Run start-vm
        env:
          REEANTRANT: 1
        run: "./start-vm --container --diff --tags=common"

      - name: Run idempotency check...
        run: /usr/bin/python3 ./scripts/check-idempotency-status

      # Run SBS logintest
      - name: Run SBS logintest
        run: /usr/bin/python3 ./scripts/sbs-login.py

      - name: Save screenshot of error
        uses: actions/upload-artifact@v4
        with:
          name: "sbs-logintest"
          path: |
            screenshot.png
            page.html
            console.txt
        if: failure()

      - name: Show docker status
        run: |
          ansible -v -i environments/docker/inventory --become "docker" \
                  -m command -a "/usr/bin/docker ps -a"
        if: failure()

      - name: Show docker logs
        run: |
          docker exec -ti docker-docker1-1 /bin/sh -c '
            docker ps -q | while read c; do
              name=$(docker inspect --format "{{.Name}} ({{.Id}})" $c);
              echo -e "\n\n========\n== $name\n==========\n";
              docker logs -n 10 $c 2>/dev/null;
            done
          '
          docker exec -ti docker-docker2-1 /bin/sh -c '
            docker ps -q | while read c; do
              name=$(docker inspect --format "{{.Name}} ({{.Id}})" $c);
              echo -e "\n\n========\n== $name\n==========\n";
              docker logs -n 10 $c 2>/dev/null;
            done
          '
        if: failure()

      - name: Show sbs logs
        run: |
          ansible -v -i environments/docker/inventory --become "docker" \
                  -m command -a "/bin/sh -c '
                    if test -e /opt/sram/sbs/log/sbs.log; then
                      echo ===sbs log===;
                      cat /opt/sram/sbs/log/sbs.log;
                    else
                      echo ===no sbs log===;
                    fi
                  '"
        if: failure()

      # Setup tmate session
      - name: Setup tmate session
        uses: mxschmitt/action-tmate@v3
        with:
          limit-access-to-actor: true
        timeout-minutes: 60
        if: failure()


#        env:
#          ACTIONS_STEP_DEBUG: ${{ secrets.ACTIONS_STEP_DEBUG }}
#        if: ${{ failure() && env.ACTIONS_STEP_DEBUG == 'true' }}