name: E2E Tests

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: read
  packages: write

jobs:
  build-image:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    outputs:
      image-tag: ${{ steps.meta.outputs.tag }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Build plugin
        run: npm run build

      - name: Set image tag
        id: meta
        run: echo "tag=sha-$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push E2E image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.e2e
          push: true
          tags: ghcr.io/privilegedescalation/headlamp-polaris-e2e:${{ steps.meta.outputs.tag }}

  e2e:
    needs: build-image
    runs-on: runners-privilegedescalation
    timeout-minutes: 15
    env:
      E2E_NAMESPACE: headlamp-e2e
      E2E_RELEASE: headlamp-e2e
      IMAGE_TAG: ${{ needs.build-image.outputs.image-tag }}

    steps:
      - name: Checkout
        uses: actions/checkout@v6

      - name: Setup Helm
        uses: azure/setup-helm@v4
        with:
          version: v3.17.0

      - name: Deploy E2E Headlamp
        run: |
          helm repo add headlamp https://headlamp-k8s.github.io/headlamp/ --force-update
          helm repo update

          kubectl create namespace "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -

          helm upgrade --install "$E2E_RELEASE" headlamp/headlamp \
            -n "$E2E_NAMESPACE" \
            -f deployment/headlamp-e2e-values.yaml \
            --set "image.registry=ghcr.io" \
            --set "image.repository=privilegedescalation/headlamp-polaris-e2e" \
            --set "image.tag=${IMAGE_TAG}" \
            --wait \
            --timeout 120s

          kubectl rollout status "deployment/${E2E_RELEASE}-headlamp" \
            -n "$E2E_NAMESPACE" --timeout=120s

      - name: Generate E2E auth token
        id: token
        run: |
          kubectl create serviceaccount headlamp-e2e-test \
            -n "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
          TOKEN=$(kubectl create token headlamp-e2e-test -n "$E2E_NAMESPACE" --duration=1h)
          echo "::add-mask::${TOKEN}"
          echo "token=${TOKEN}" >> "$GITHUB_OUTPUT"
          echo "url=http://${E2E_RELEASE}-headlamp.${E2E_NAMESPACE}.svc.cluster.local" >> "$GITHUB_OUTPUT"

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Install Playwright browsers
        run: npx playwright install --with-deps chromium

      - name: Run E2E tests
        run: npm run e2e
        env:
          HEADLAMP_URL: ${{ steps.token.outputs.url }}
          HEADLAMP_TOKEN: ${{ steps.token.outputs.token }}

      - name: Teardown E2E Headlamp
        if: always()
        run: |
          helm uninstall "$E2E_RELEASE" -n "$E2E_NAMESPACE" 2>/dev/null || true
          kubectl delete namespace "$E2E_NAMESPACE" --ignore-not-found --wait=false

      - name: Upload Playwright report
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: playwright-report
          path: playwright-report/
          retention-days: 7

      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: test-results
          path: test-results/
          retention-days: 7