.github/workflows/test.yaml

name: Test

on:
  pull_request:
    branches: [main]
    types: [milestoned, opened, synchronize]
    paths-ignore:
      - "**.md"
      - "**.jpg"
      - "**.png"
      - "**.gif"
      - "**.svg"
      - "adr/**"
      - "docs/**"
      - ".gitignore"
      - "renovate.json"
      - ".release-please-config.json"
      - "release-please-config.json"
      - "oscal-component.yaml"
      - "CODEOWNERS"
      - "LICENSE"
      - "CONTRIBUTING.md"
      - "SECURITY.md"


# Abort prior jobs in the same workflow / PR
concurrency:
  group: test-${{ github.ref }}-${{ inputs.package }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  test:
    name: ${{ matrix.type }} ${{ matrix.flavor }}
    runs-on: ubuntu-latest
    timeout-minutes: 25
    strategy:
      matrix:
        flavor: [upstream]
        type: [install]

    steps:
      - name: Checkout repository
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
      - name: Install Step CLI
        run: |
          wget https://github.com/smallstep/cli/releases/download/v0.27.2/step-cli_amd64.deb
          sudo dpkg -i step-cli_amd64.deb

      - name: Environment setup
        uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
        with:
          registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
          registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
          ghToken: ${{ secrets.GITHUB_TOKEN }}

      # TODO: This is not needed once https://github.com/sigstore/helm-charts/pull/790 is merged
      - name: Sigstore Helm Shim
        run: |
          uds zarf tools helm repo add sigstore https://sigstore.github.io/helm-charts
          curl https://raw.githubusercontent.com/sigstore/helm-charts/main/security/pubkey.gpg | gpg --import --batch
          gpg --export >~/.gnupg/pubring.gpg

      - name: Test
        uses: defenseunicorns/uds-common/.github/actions/test@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
        with:
          flavor: ${{ matrix.flavor }}
          type: ${{ matrix.type }}

      - name: Debug Output
        if: ${{ always() }}
        uses: defenseunicorns/uds-common/.github/actions/debug-output@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2

      - name: Save logs
        if: always()
        uses: defenseunicorns/uds-common/.github/actions/save-logs@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
        with:
          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}