name: CI

on:
  push:
    branches:
      - "master"
  pull_request:

# At the start of each workflow run, GitHub creates a unique
# GITHUB_TOKEN secret to use in the workflow. It is a good idea for
# this GITHUB_TOKEN to have the minimum of permissions.  See:
#
# - https://docs.github.com/en/actions/security-guides/automatic-token-authentication
# - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
#
permissions:
  contents: read

# Control to what degree jobs in this workflow will run concurrently with
# other instances of themselves.
#
# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
concurrency:
  # We want every revision on master to run the workflow completely.
  # "head_ref" is not set for the "push" event but it is set for the
  # "pull_request" event.  If it is set then it is the name of the branch and
  # we can use it to make sure each branch has only one active workflow at a
  # time.  If it is not set then we can compute a unique string that gives
  # every master/push workflow its own group.
  group: "${{ github.head_ref || format('{0}-{1}', github.run_number, github.run_attempt) }}"

  # Then, we say that if a new workflow wants to start in the same group as a
  # running workflow, the running workflow should be cancelled.
  cancel-in-progress: true

env:
  # Tell Hypothesis which configuration we want it to use.
  TAHOE_LAFS_HYPOTHESIS_PROFILE: "ci"

jobs:

  coverage:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - windows-latest
        python-version:
          - "3.8"
          - "3.9"
          - "3.10"
          - "3.11"
        include:
          # On macOS don't bother with 3.8, just to get faster builds.
          - os: macos-12
            python-version: "3.9"
          - os: macos-12
            python-version: "3.11"
          # We only support PyPy on Linux at the moment.
          - os: ubuntu-latest
            python-version: "pypy-3.8"
          - os: ubuntu-latest
            python-version: "pypy-3.9"

    steps:
      # See https://github.com/actions/checkout. A fetch-depth of 0
      # fetches all tags and branches.
      - name: Check out Tahoe-LAFS sources
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'  # caching pip dependencies

      - name: Install Python packages
        run: |
          pip install --upgrade "tox<4" tox-gh-actions setuptools
          pip list

      - name: Display tool versions
        run: python misc/build_helpers/show-tool-versions.py

      - name: Run tox for corresponding Python version
        if: ${{ !contains(matrix.os, 'windows') }}
        run: python -m tox

      # On Windows, a non-blocking pipe might respond (when emulating Unix-y
      # API) with ENOSPC to indicate buffer full. Trial doesn't handle this
      # well, so it breaks test runs. To attempt to solve this, we pipe the
      # output through passthrough.py that will hopefully be able to do the right
      # thing by using Windows APIs.
      - name: Run tox for corresponding Python version
        if: ${{ contains(matrix.os, 'windows') }}
        run: |
          pip install twisted pywin32
          python -m tox | python misc/windows-enospc/passthrough.py

      - name: Upload eliot.log
        uses: actions/upload-artifact@v3
        with:
          name: eliot.log
          path: eliot.log

      - name: Upload trial log
        uses: actions/upload-artifact@v3
        with:
          name: test.log
          path: _trial_temp/test.log

      # Upload this job's coverage data to Coveralls.  While there is a GitHub
      # Action for this, as of Jan 2021 it does not support Python coverage
      # files - only lcov files.  Therefore, we use coveralls-python, the
      # coveralls.io-supplied Python reporter, for this.
      - name: "Report Coverage to Coveralls"
        run: |
          pip3 install --upgrade coveralls==3.0.1
          python3 -m coveralls
        env:
          # Some magic value required for some magic reason.
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          # Help coveralls identify our project.
          COVERALLS_REPO_TOKEN: "JPf16rLB7T2yjgATIxFzTsEgMdN1UNq6o"
          # Every source of coverage reports needs a unique "flag name".
          # Construct one by smashing a few variables from the matrix together
          # here.
          COVERALLS_FLAG_NAME: "run-${{ matrix.os }}-${{ matrix.python-version }}"
          # Mark the data as just one piece of many because we have more than
          # one instance of this job (Windows, macOS) which collects and
          # reports coverage.  This is necessary to cause Coveralls to merge
          # multiple coverage results into a single report.  Note the merge
          # only happens when we "finish" a particular build, as identified by
          # its "build_num" (aka "service_number").
          COVERALLS_PARALLEL: true

  # Tell Coveralls that we're done reporting coverage data.  Since we're using
  # the "parallel" mode where more than one coverage data file is merged into
  # a single report, we have to tell Coveralls when we've uploaded all of the
  # data files.  This does it.  We make sure it runs last by making it depend
  # on *all* of the coverage-collecting jobs.
  #
  # See notes about parallel builds on GitHub Actions at
  # https://coveralls-python.readthedocs.io/en/latest/usage/configuration.html
  finish-coverage-report:
    needs:
      - "coverage"
    runs-on: "ubuntu-latest"
    container: "python:3-slim"
    steps:
      - name: "Indicate completion to coveralls.io"
        run: |
          pip3 install --upgrade coveralls==3.0.1
          python3 -m coveralls --finish
        env:
          # Some magic value required for some magic reason.
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

  integration:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: macos-12
            python-version: "3.11"
            force-foolscap: false
          - os: windows-latest
            python-version: "3.11"
            force-foolscap: false
          # 22.04 has some issue with Tor at the moment:
          # https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3943
          - os: ubuntu-20.04
            python-version: "3.10"
            force-foolscap: false
    steps:

      - name: Install Tor [Ubuntu]
        if: ${{ contains(matrix.os, 'ubuntu') }}
        run: sudo apt install tor

      # TODO: See https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3744.
      # We have to use an older version of Tor for running integration
      # tests on macOS.
      - name: Install Tor [macOS, ${{ matrix.python-version }} ]
        if: ${{ contains(matrix.os, 'macos') }}
        run: |
          brew install tor

      - name: Install Tor [Windows]
        if: matrix.os == 'windows-latest'
        uses: crazy-max/ghaction-chocolatey@v2
        with:
          args: install tor

      - name: Check out Tahoe-LAFS sources
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip'  # caching pip dependencies

      - name: Install Python packages
        run: |
          pip install --upgrade "tox<4"
          pip list

      - name: Display tool versions
        run: python misc/build_helpers/show-tool-versions.py

      - name: Run "Python 3 integration tests"
        if: "${{ !matrix.force-foolscap }}"
        env:
          # On macOS this is necessary to ensure unix socket paths for tor
          # aren't too long. On Windows tox won't pass it through so it has no
          # effect. On Linux it doesn't make a difference one way or another.
          TMPDIR: "/tmp"
        run: |
          tox -e integration

      - name: Run "Python 3 integration tests (force Foolscap)"
        if: "${{ matrix.force-foolscap }}"
        env:
          # On macOS this is necessary to ensure unix socket paths for tor
          # aren't too long. On Windows tox won't pass it through so it has no
          # effect. On Linux it doesn't make a difference one way or another.
          TMPDIR: "/tmp"
        run: |
          tox -e integration -- --force-foolscap integration/

      - name: Upload eliot.log in case of failure
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: integration.eliot.json
          path: integration.eliot.json

  packaging:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - macos-12
          - windows-latest
          - ubuntu-latest
        python-version:
          - 3.9

    steps:

      - name: Check out Tahoe-LAFS sources
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'pip' # caching pip dependencies

      - name: Install Python packages
        run: |
          pip install --upgrade "tox<4"
          pip list

      - name: Display tool versions
        run: python misc/build_helpers/show-tool-versions.py

      - name: Run "tox -e pyinstaller"
        run: tox -e pyinstaller

      # This step is to ensure there are no packaging/import errors.
      - name: Test PyInstaller executable
        run: dist/Tahoe-LAFS/tahoe --version

      - name: Upload PyInstaller package
        uses: actions/upload-artifact@v3
        with:
          name: Tahoe-LAFS-${{ matrix.os }}-Python-${{ matrix.python-version }}
          path: dist/Tahoe-LAFS-*-*.*