secret/.gitea/workflows/test.yaml

name: Test

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  tests:
    strategy:
      matrix:
        arch: ['linux-amd64', 'linux-arm64', 'darwin-amd64', 'windows-amd64']
    runs-on: ${{ matrix.arch }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      
      - name: Setup go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'

      - name: Install Hashicorp Vault (on Linux)
        if: matrix.arch != 'darwin-amd64' && matrix.arch != 'windows-amd64'
        run: |
          ./script/vault-install.sh

      - name: Install Hashicorp Vault (on Windows)
        if: matrix.arch == 'windows-amd64'
        run: |
          & ".\scripts\vault-install.ps1"
        shell: pwsh

      - name: Start Vault in background (on Unix)
        id: start-vault
        if: matrix.arch != 'windows-amd64'
        env:
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_SKIP_VERIFY: "true"
        run: |
          ./script/vault-start.sh

      - name: Start Vault in background (on Windows)
        id: start-vault-windows
        if: matrix.arch == 'windows-amd64'
        shell: pwsh
        env:
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_SKIP_VERIFY: "true"
        run: |
          & ".\scripts\vault-start.ps1"

      - name: Setup Vault test data (on Unix)
        if: matrix.arch != 'windows-amd64'
        env:
          TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}
          TEST_VAULT_VALUE: ${{ vars.TEST_VAULT_VALUE }}
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_TOKEN: root
          VAULT_SKIP_VERIFY: "true"
        run: |
          ./script/vault-setup.sh

      - name: Setup Vault test data (on Windows)
        if: matrix.arch == 'windows-amd64'
        env:
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_TOKEN: root
          VAULT_SKIP_VERIFY: "true"
        shell: pwsh
        run: |
          & ".\scripts\vault-setup.ps1"

      - name: Vet
        run: go vet -v ./...

      - name: Test
        env:
          TEST_VAULT_KEY: ${{ vars.TEST_VAULT_KEY }}
          TEST_VAULT_VALUE: ${{ vars.TEST_VAULT_VALUE }}
          VAULT_ADDR: "https://127.0.0.1:8200"
          VAULT_TOKEN: root
          VAULT_SKIP_VERIFY: "true"
        run: |
          go test -v ./...

      - name: Stop Vault (on Unix)
        if: always() && matrix.arch != 'windows-amd64'
        run: |
          if [ -f vault.pid ]; then
            kill $(cat vault.pid) 2>/dev/null || true
            rm -f vault.pid
          fi

      - name: Stop Vault (on Windows)
        if: always() && matrix.arch == 'windows-amd64'
        shell: pwsh
        run: |
          # Function to display logs
          function Show-VaultLogs {
            Write-Output "=== VAULT SERVER STDOUT (last 50 lines) ==="
            Get-Content "vault-logs/stdout.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
            Write-Output "=== VAULT SERVER STDERR (last 50 lines) ==="
            Get-Content "vault-logs/stderr.log" -ErrorAction SilentlyContinue | Select-Object -Last 50
          }

          # Read PID from file (Gitea alternative to env vars)
          $vaultPid = $null
          if (Test-Path "vault-pid.txt") {
            $vaultPid = Get-Content "vault-pid.txt" -Raw
            Write-Output "Found Vault PID: $vaultPid"
          }

          # Check if previous steps failed
          $previousStepFailed = $false
          if ("${{ steps.start-vault.outcome }}" -eq "failure") {
            $previousStepFailed = $true
            Write-Output "Vault startup step failed"
          }

          # Stop the Vault process if we have a PID
          if ($vaultPid -and ($vaultPid -ne '')) {
            if ($previousStepFailed) {
              Write-Output "Previous step failed, showing Vault logs:"
              Show-VaultLogs
            }

            # Stop the Vault process
            try {
              Stop-Process -Id $vaultPid -Force -ErrorAction Stop
              Write-Output "Stopped Vault process $vaultPid"
            } catch {
              Write-Warning "Failed to stop process $vaultPid: $($_.Exception.Message)"
            }
          }

          # Clean up any remaining Vault processes
          $vaultProcesses = Get-Process -Name "vault" -ErrorAction SilentlyContinue
          if ($vaultProcesses) {
            Write-Output "Found additional Vault processes, stopping them..."
            $vaultProcesses | Stop-Process -Force -ErrorAction SilentlyContinue
          }

          # Always show logs if we're in a failure state
          if ($previousStepFailed -or "${{ job.status }}" -eq "failure") {
            Write-Output "Job failed, showing final Vault logs:"
            Show-VaultLogs
          }

          # Cleanup PID file
          if (Test-Path "vault-pid.txt") {
            Remove-Item "vault-pid.txt" -Force
          }