# Shared CI templates, both taken from the same ci-templates release so the two files stay in step.
# NOTE(review): "v3.6.1" is a tag, and a tag can be moved to a different commit. `ref` also accepts a full commit SHA;
# pinning to one makes the job definitions pulled into this pipeline immutable.
include:
  - project: 'uis/devops/continuous-delivery/ci-templates'
    file: '/terraform-module.yml'
    ref: "v3.6.1"
  - project: 'uis/devops/continuous-delivery/ci-templates'
    file: '/pre-commit.yml'
    ref: "v3.6.1"

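variables:
  # Container image used by the cleanup and test jobs in this file.
  # NOTE(review): ":1.6" is a mutable tag. The jobs that run this image handle Google Cloud credentials, so consider
  # appending the image digest (":1.6@sha256:<digest>") so that only the reviewed image content is ever executed.
  LOGAN_IMAGE: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform:1.6

  # Disable the changelog check as it doesn't behave well with pre/beta releases. Also, the check is not required as
  # we're using release-it for release automation, which handles changelog auto-generation.
  # Quoted because CI variables reach the job as strings; this avoids relying on integer-to-string coercion.
  CHANGELOG_CHECK_DISABLED: "1"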

# This is a workaround to allow the "tests" job matrix below to be manually triggered. Without this job, and the
# associated "needs" dependency in the "tests" job, all tests would run on every push, which is undesirable given the
# number of resources that they create. Instead, developers should manually trigger this job from the pipeline UI when
# they require the test suite to run, for example as part of the MR review process.
#
# "allow_failure: false" makes this a blocking manual job, so the pipeline is reported as blocked until it is played.
# NOTE(review): this gate limits cost and noise; it is not an access control. Anyone permitted to play manual jobs on
# a pipeline can start the tests, which impersonate a cloud service account - confirm that is the intended audience.
run_tests:
  stage: test
  when: manual
  allow_failure: false
  script: echo "Triggering test jobs..."

# Hidden job template (the leading dot stops GitLab running it directly); "pre-cleanup" and "post-cleanup" extend it.
# "when: always" lets the cleanup run regardless of the status of earlier jobs.
# NOTE(review): unlike the "tests" job, nothing here sets GOOGLE_IMPERSONATE_SERVICE_ACCOUNT or unsets
# GOOGLE_APPLICATION_CREDENTIALS, so ./tests/cleanup.sh runs with whatever identity the image/runner provides. Confirm
# that identity can only reach the test project, since the script presumably deletes resources.
.cleanup:
  image: $LOGAN_IMAGE
  script: ./tests/cleanup.sh
  when: always
  tags:
    # GKE_RUNNER_TAG is not defined in this file; presumably supplied by the included templates or CI/CD settings.
    - $GKE_RUNNER_TAG

# Runs the cleanup template before the test matrix. The "needs" entry ties it to the manual "run_tests" gate, so it is
# part of the manually triggered test flow rather than running on every push.
pre-cleanup:
  extends: .cleanup
  stage: test
  needs:
    - run_tests

# Runs one Terraform test file per matrix entry via ./run_tests.sh. Starts only after the manual "run_tests" gate and
# the "pre-cleanup" job have completed (see "needs").
tests:
  stage: test
  image: $LOGAN_IMAGE
  variables:
    # Service account to impersonate for Google API calls, instead of a key file (the script below unsets
    # GOOGLE_APPLICATION_CREDENTIALS).
    # NOTE(review): any pipeline able to reach this job acts as this account. Confirm the account's roles are limited to
    # the test project and that the runner identity may only mint tokens for this one account.
    GOOGLE_IMPERSONATE_SERVICE_ACCOUNT: "terraform-deploy@infra-testing-int-e2395220.iam.gserviceaccount.com"
  script: |
    # This unsets the GOOGLE_APPLICATION_CREDENTIALS as it is not required but the logan-terraform images sets it.
    unset GOOGLE_APPLICATION_CREDENTIALS

    ./run_tests.sh -c -t "tests/$TEST_FILE"
  needs:
    - run_tests
    - pre-cleanup
  tags:
    - $GKE_RUNNER_TAG
  parallel:
    # This matrix runs each of our test files in parallel targeting v4.x and v5.x of the Google Terraform provider
    # separately as we support both. It also ensures that subnet CIDR ranges do not clash when testing the VPC
    # Access/static egress IP configurations.
    matrix:
      # List-valued variables are expanded as a cross product: 4 test files x 2 provider constraints = 8 jobs.
      - TEST_FILE:
          - cloud_run_service.tftest.hcl
          - cloudsql.tftest.hcl
          - load_balancer.tftest.hcl
          - pre_deploy_job.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT:
          - "> 4, < 5"
          - "> 5, < 6"
      # The entries below are one job each. Every job gets its own pair of non-overlapping /28 ranges so that jobs
      # running concurrently never request the same subnet. Keep new entries on unused ranges.
      - TEST_FILE:
          - monitoring.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 4, < 5"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.0/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.16/28"
      - TEST_FILE:
          - monitoring.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 5, < 6"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.32/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.48/28"
      - TEST_FILE:
          - vpc_access.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 4, < 5"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.64/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.80/28"
      - TEST_FILE:
          - vpc_access.tftest.hcl
        GOOGLE_PROVIDER_VERSION_CONSTRAINT: "> 5, < 6"
        TF_VAR_static_egress_ip_cidr_range: "10.0.0.96/28"
        TF_VAR_test_ip_cidr_range: "10.0.0.112/28"

# Runs the cleanup template again in the "review" stage. It inherits "when: always" from ".cleanup", so it is not
# skipped when test jobs fail.
# NOTE(review): the "review" stage is not declared in this file; presumably it comes from the included templates.
post-cleanup:
  extends: .cleanup
  stage: review