name: CI
on: [ push, pull_request ]
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        jdk: [ 11, 17, 21 ]
        vault: [ '1.2.0', '1.11.12', '1.18.0' ]
        include:
          - jdk: 21
            vault: '1.18.0'
            analysis: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          java-version: ${{ matrix.jdk }}
          distribution: 'temurin'
      - name: Compile
        run: mvn -B clean compile
      - name: Set up Vault
        if: github.ref_name == 'main' || github.base_ref == 'main' || startsWith(github.ref_name, 'release/')
        run: |
          wget -q "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_linux_amd64.zip"
          wget -q -O - "https://releases.hashicorp.com/vault/${{ matrix.vault }}/vault_${{ matrix.vault }}_SHA256SUMS" | grep linux_amd64 | sha256sum -c
          tmp="$(mktemp -d)"
          unzip "vault_${{ matrix.vault }}_linux_amd64.zip" -d "$tmp"
          rm "vault_${{ matrix.vault }}_linux_amd64.zip"
          sudo mv "$tmp/vault" /usr/bin/vault
          rm -rf "$tmp"
      - name: Test (Unit & Integration)
        if: github.ref_name == 'main'|| github.base_ref == 'main' || startsWith(github.ref_name, 'release/')
        env:
          VAULT_VERSION: ${{ matrix.vault }}
        run: mvn -B -P coverage -P integration-test verify
      - name: Test (Unit)
        if: github.ref_name != 'main' && github.base_ref != 'main' && !startsWith(github.ref_name, 'release/')
        run: mvn -B -P coverage verify
      - name: Analysis
        if: matrix.analysis
        run: >
          mvn -B sonar:sonar
          -Dsonar.host.url=https://sonarcloud.io
          -Dsonar.organization=stklcode-github
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}