zitadel/.github/workflows/test.yml

name: Quality

on:
  pull_request:
  schedule:
    # All 1 minutes
    - cron: '* * * * *'
  workflow_dispatch:
    inputs:
      zitadel-env:
        description: 'ZITADEL ENVIRONMENT'
        required: true
        type: choice
        options:
          - 'qa'
          - 'prod'
          - 'custom'
      zitadel-api-url:
        description: 'ZITADEL API URL'
        required: false
      zitadel-service-user-id:
        description: 'ZITADEL SERVICE USER ID'
        required: false
      zitadel-service-user-token:
        description: 'ZITADEL SERVICE USER TOKEN'
        required: false

jobs:
  prepare-matrix:
    # If the workflow is triggered by a schedule event, only the acceptance tests run against QA and Prod.
    name: Prepare Matrix
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.prepare-matrix.outputs.matrix }}
    steps:
      - name: Prepare Matrix
        id: prepare-matrix
        run: |
          if [ -z "${{ github.event.schedule }}" ]; then
            echo 'matrix=["test:acceptance:qa", "test:acceptance:prod"]' >> $GITHUB_OUTPUT
          elif [ -n "${{ github.event.inputs.zitadel-env }}" ]; then
            echo 'matrix=["test:acceptance:${{ github.event.inputs.zitadel-env }}"]' >> $GITHUB_OUTPUT
          elif [ -n "${{ github.event.inputs.zitadel-api-url }}" ]; then
            echo 'matrix=["test:acceptance:custom"]' >> $GITHUB_OUTPUT
          else
            echo 'matrix=["format --check", "lint", "test:unit", "test:integration", "test:acceptance"]' >> $GITHUB_OUTPUT
          fi
      - name: Show Matrix
        run: echo '${{ steps.prepare-matrix.outputs.matrix }}'

  quality:
    name: Ensure Quality

    runs-on: ubuntu-latest

    timeout-minutes: 30

    permissions:
      contents: "read"

    strategy:
      fail-fast: false
      matrix:
        command: ${{ fromJson( needs.prepare-matrix.outputs.matrix ) }}

    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4.1.6

      - name: Setup Buf
        uses: bufbuild/buf-setup-action@v1.45.0

      - name: Setup pnpm
        uses: pnpm/action-setup@v4.0.0

      - name: Setup Node.js 20.x
        uses: actions/setup-node@v4.0.2
        with:
          node-version: 20.x
          cache: 'pnpm'

      - uses: actions/cache@v4.0.2
        name: Setup Cypress binary cache
        with:
          path: ~/.cache/Cypress
          key: ${{ runner.os }}-cypress-binary-${{ hashFiles('**/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-cypress-binary-
        # The Cypress binary cache needs to be updated together with the pnpm dependencies cache.
        # That's why we don't conditionally cache it using if: ${{ matrix.command == 'test:integration' }}

      - name: Install Dependencies
        run: pnpm install --frozen-lockfile

        # We can cache the Playwright binary independently from the pnpm cache, because we install it separately.
        # After pnpm install --frozen-lockfile, we can get the version so we only have to download the binary once per version.
      - run: echo "PLAYWRIGHT_VERSION=$(npx playwright --version | cut -d ' ' -f 2)" >> $GITHUB_ENV
        if: ${{ startsWith(matrix.command, 'test:acceptance') }}

      - uses: actions/cache@v4.0.2
        name: Setup Playwright binary cache
        id: playwright-cache
        with:
          path: ~/.cache/ms-playwright
          key: ${{ runner.os }}-playwright-binary-${{ env.PLAYWRIGHT_VERSION }}
          restore-keys: |
            ${{ runner.os }}-playwright-binary-
        if: ${{ startsWith(matrix.command, 'test:acceptance') }}

      - name: Install Playwright Browsers
        run: pnpm exec playwright install --with-deps
        if: ${{ startsWith(matrix.command, 'test:acceptance') && steps.playwright-cache.outputs.cache-hit != 'true' }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        if: ${{ matrix.command == 'test:acceptance' }}

      - name: Run ZITADEL
        run: ZITADEL_DEV_UID=root pnpm run-zitadel
        if: ${{ matrix.command == 'test:acceptance' }}

      - name: Create Production Build
        run: pnpm build
        if: ${{ matrix.command == 'test:acceptance' }}

      - name: Create Production Build
        run: pnpm build
        if: ${{ matrix.command == 'test:acceptance:qa' || matrix.command == 'test:acceptance:prod' || matrix.command == 'test:acceptance:custom' }}
        env:
          ZITADEL_API_URL: ${{ matrix.command == 'test:acceptance:custom' && github.event.inputs.zitadel-api-url || matrix.command == 'test:acceptance:qa' && secrets.E2E_QA_ZITADEL_API_URL || secrets.E2E_PROD_ZITADEL_API_URL }}
          ZITADEL_SERVICE_USER_ID: ${{ matrix.command == 'test:acceptance:custom' && github.event.inputs.zitadel-service-user-id  || matrix.command == 'test:acceptance:qa' && secrets.E2E_QA_ZITADEL_SERVICE_USER_ID || secrets.E2E_PROD_ZITADEL_SERVICE_USER_ID}}
          ZITADEL_SERVICE_USER_TOKEN: ${{ matrix.command == 'test:acceptance:custom' && github.event.inputs.zitadel-service-user-token || matrix.command == 'test:acceptance:qa' && secrets.E2E_QA_ZITADEL_SERVICE_USER_TOKEN || secrets.E2E_PROD_ZITADEL_SERVICE_USER_TOKEN}}

      - name: Check
        id: check
        run: pnpm ${{ contains(matrix.command, 'test:acceptance') && 'test:acceptance' || matrix.command }}