on:
  push:
    branches:
      - '**'
      - '!master'
name: Nonprod CI
jobs:
  cicd:
    runs-on: ubuntu-latest
    steps:
      - name: Get Public IP
        id: ip
        uses: haythem/public-ip@v1.2
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install Python 3.8
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'
      - name: Lint
        uses: wemake-services/wemake-python-styleguide@0.14.1
      - name: Configure AWS
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: Add IP to file deployment SG
        if: ${{ success() }}
        env:
          SECURITY_GROUP_ID: ${{ secrets.SECURITY_GROUP_ID }}
        run: |
          aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 --group-id $SECURITY_GROUP_ID
          if [ "${{ steps.ip.outputs.ipv4 }}" != "${{ steps.ip.outputs.ipv6 }}" ]; then
            aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv6 }}/128 --group-id $SECURITY_GROUP_ID
          fi
          sleep 10
      - name: Deploy to Dev
        if: ${{ success() && github.ref == 'refs/heads/develop' }}
        uses: JimCronqvist/action-ssh@0.1.1
        env:
          TARGET: ${{ secrets.DEV_TARGET }}
          VENV_PATH: ${{ secrets.DEV_VENV_PATH }}
          USER: ${{ secrets.DEV_USER }}
        with: 
          hosts: '${{ secrets.REMOTE_USER }}@${{ secrets.DEV_REMOTE_HOST }}'
          privateKey: ${{ secrets.SSH_PRIVATE_KEY }}
          command: |
            cd $TARGET
            sudo git fetch
            sudo git checkout $GITHUB_SHA
            sudo $VENV_PATH/bin/pip install -r requirements.txt
            sudo chown $USER:$USER $VENV_PATH -R
            NGINX_CONFIG=`sudo nginx -c /etc/nginx/nginx.conf -t 2>&1`
            if [[ "$NGINX_CONFIG" =~ "syntax is ok" ]]; then
              sudo systemctl reload nginx
              sudo systemctl restart uwsgi
            else
              exit 1
            fi
      - name: Remove IP from file deployment SG
        if: ${{ success() }}
        env: 
          SECURITY_GROUP_ID: ${{ secrets.SECURITY_GROUP_ID }}
        run: |
          aws ec2 revoke-security-group-ingress --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 --group-id $SECURITY_GROUP_ID
          if [ "${{ steps.ip.outputs.ipv4 }}" != "${{ steps.ip.outputs.ipv6 }}" ]; then
            aws ec2 revoke-security-group-ingress --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv6 }}/128 --group-id $SECURITY_GROUP_ID
          fi
      - name: Add IP to DB SG
        if: ${{ success() }}
        env:
          SECURITY_GROUP_ID: ${{ secrets.DB_SECURITY_GROUP }}
        run: |
          aws ec2 authorize-security-group-ingress --protocol tcp --port 3306 --cidr ${{ steps.ip.outputs.ipv4 }}/32 --group-id $SECURITY_GROUP_ID
          if [ "${{ steps.ip.outputs.ipv4 }}" != "${{ steps.ip.outputs.ipv6 }}" ]; then
            aws ec2 authorize-security-group-ingress --protocol tcp --port 3306 --cidr ${{ steps.ip.outputs.ipv6 }}/128 --group-id $SECURITY_GROUP_ID
          fi
          sleep 10
      - name: Verify database connection
        if: ${{ success() && github.ref == 'refs/heads/develop' }}
        env:
          MYSQL_SERVER: ${{ secrets.MYSQL_SERVER }}
        run: |
          mysqladmin ping -h $MYSQL_SERVER --silent
          if [ $? -ne 0 ]; then
            exit 1
          fi
      - name: Run migrations
        if: ${{ success() && github.ref == 'refs/heads/develop' }}
        env:
          VF_MYSQL_HOST: ${{ secrets.MYSQL_SERVER }}
          VF_MYSQL_USER: ${{ secrets.DEV_DBUSER }}
          VF_MYSQL_PASS: ${{ secrets.DEV_DBPASSWD }}
          VF_MYSQL_NAME: ${{ secrets.DEV_DBNAME }}
        run: |
          pip install -r requirements.txt
          python manage.py migrate --noinput
      - name: Remove IP from DB SG
        if: ${{ success() }}
        env: 
          SECURITY_GROUP_ID: ${{ secrets.DB_SECURITY_GROUP }}
        run: |
          aws ec2 revoke-security-group-ingress --protocol tcp --port 3306 --cidr ${{ steps.ip.outputs.ipv4 }}/32 --group-id $SECURITY_GROUP_ID
          if [ "${{ steps.ip.outputs.ipv4 }}" != "${{ steps.ip.outputs.ipv6 }}" ]; then
            aws ec2 revoke-security-group-ingress --protocol tcp --port 3306 --cidr ${{ steps.ip.outputs.ipv6 }}/128 --group-id $SECURITY_GROUP_ID
          fi
      - name: Smoke test in dev
        if: ${{ github.ref == 'refs/heads/develop' }}
        run: |
          sleep 2
          STATUS=0
          response=$(curl -s -o /dev/null -w "%{http_code}\n" https://beta.votefinder.org/)
          if [ "$response" != "200" ]; then
            echo "Index page failed"
            STATUS=1
          fi
          sleep 1
          response=$(curl -s -o /dev/null -w "%{http_code}\n" https://beta.votefinder.org/closed)
          if [ "$response" != "200" ]; then
            echo "Closed games page failed"
            STATUS=1
          fi
          sleep 1
          response=$(curl -s -o /dev/null -w "%{http_code}\n" https://beta.votefinder.org/game/a-game-of-chess)
          if [ "$response" != "200" ]; then
            echo "Single game page failed"
            STATUS=1
          fi
          sleep 1
          response=$(curl -s -o /dev/null -w "%{http_code}\n" https://beta.votefinder.org/auth/login)
          if [ "$response" != "200" ]; then
            echo "Login page failed"
            STATUS=1
          fi
          exit $STATUS
          response