magistrala/.github/workflows/api-tests.yml

# Copyright (c) Abstract Machines
# SPDX-License-Identifier: Apache-2.0

name: Property Based Tests

on:
  pull_request:
    branches:
      - main
    paths:
      - ".github/workflows/api-tests.yml"
      - "api/**"
      - "auth/api/http/**"
      - "bootstrap/api**"
      - "certs/api/**"
      - "consumers/notifiers/api/**"
      - "http/api/**"
      - "invitations/api/**"
      - "journal/api/**"
      - "provision/api/**"
      - "readers/api/**"
      - "clients/api/**"
      - "users/api/**"

env:
  TOKENS_URL: http://localhost:9002/users/tokens/issue
  DOMAINS_URL: http://localhost:8189/domains
  USER_IDENTITY: admin@example.com
  USER_SECRET: 12345678
  DOMAIN_NAME: demo-test
  USERS_URL: http://localhost:9002
  CLIENTS_URL: http://localhost:9000
  HTTP_ADAPTER_URL: http://localhost:8008
  INVITATIONS_URL: http://localhost:9020
  AUTH_URL: http://localhost:8189
  BOOTSTRAP_URL: http://localhost:9013
  CERTS_URL: http://localhost:9019
  PROVISION_URL: http://localhost:9016
  POSTGRES_READER_URL: http://localhost:9009
  TIMESCALE_READER_URL: http://localhost:9011
  JOURNAL_URL: http://localhost:9021

jobs:
  api-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Install Go
        uses: actions/setup-go@v5
        with:
          go-version: 1.22.x
          cache-dependency-path: "go.sum"

      - name: Build images
        run: make all -j $(nproc) && make dockers_dev -j $(nproc)

      - name: Start containers
        run: make run up args="-d" && make run_addons up args="-d"

      - name: Set access token
        run: |
          export USER_TOKEN=$(curl -sSX POST $TOKENS_URL -H "Content-Type: application/json" -d "{\"identity\": \"$USER_IDENTITY\",\"secret\": \"$USER_SECRET\"}" | jq -r .access_token)
          export DOMAIN_ID=$(curl -sSX POST $DOMAINS_URL -H "Content-Type: application/json" -H "Authorization: Bearer $USER_TOKEN" -d "{\"name\":\"$DOMAIN_NAME\",\"alias\":\"$DOMAIN_NAME\"}" | jq -r .id)
          export USER_TOKEN=$(curl -sSX POST $TOKENS_URL -H "Content-Type: application/json" -d "{\"identity\": \"$USER_IDENTITY\",\"secret\": \"$USER_SECRET\",\"domain_id\": \"$DOMAIN_ID\"}" | jq -r .access_token)
          echo "USER_TOKEN=$USER_TOKEN" >> $GITHUB_ENV
          export CLIENT_SECRET=$(magistrala-cli provision test | /usr/bin/grep -Eo '"secret": "[^"]+"' | awk 'NR % 2 == 0' | sed 's/"secret": "\(.*\)"/\1/')
          echo "CLIENT_SECRET=$CLIENT_SECRET" >> $GITHUB_ENV

      - name: Check for changes in specific paths
        uses: dorny/paths-filter@v3
        id: changes
        with:
          filters: |
            journal:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/journal.yml"
              - "journal/api/**"

            auth:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/auth.yml"
              - "auth/api/http/**"

            bootstrap:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/bootstrap.yml"
              - "bootstrap/api/**"

            certs:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/certs.yml"
              - "certs/api/**"

            http:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/http.yml"
              - "http/api/**"

            invitations:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/invitations.yml"
              - "invitations/api/**"

            provision:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/provision.yml"
              - "provision/api/**"

            readers:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/readers.yml"
              - "readers/api/**"

            clients:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/clients.yml"
              - "clients/api/**"

            users:
              - ".github/workflows/api-tests.yml"
              - "api/openapi/users.yml"
              - "users/api/**"

      - name: Run Users API tests
        if: steps.changes.outputs.users == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/users.yml
          base-url: ${{ env.USERS_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Clients API tests
        if: steps.changes.outputs.clients == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/clients.yml
          base-url: ${{ env.CLIENTS_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run HTTP Adapter API tests
        if: steps.changes.outputs.http == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/http.yml
          base-url: ${{ env.HTTP_ADAPTER_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Client ${{ env.CLIENT_SECRET }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Invitations API tests
        if: steps.changes.outputs.invitations == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/invitations.yml
          base-url: ${{ env.INVITATIONS_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Auth API tests
        if: steps.changes.outputs.auth == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/auth.yml
          base-url: ${{ env.AUTH_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Journal API tests
        if: steps.changes.outputs.journal == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/journal.yml
          base-url: ${{ env.JOURNAL_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Bootstrap API tests
        if: steps.changes.outputs.bootstrap == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/bootstrap.yml
          base-url: ${{ env.BOOTSTRAP_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Certs API tests
        if: steps.changes.outputs.certs == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/certs.yml
          base-url: ${{ env.CERTS_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Provision API tests
        if: steps.changes.outputs.provision == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/provision.yml
          base-url: ${{ env.PROVISION_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Seed Messages
        if: steps.changes.outputs.readers == 'true'
        run: |
          make cli
          ./build/cli provision test

      - name: Run Postgres Reader API tests
        if: steps.changes.outputs.readers == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/readers.yml
          base-url: ${{ env.POSTGRES_READER_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Run Timescale Reader API tests
        if: steps.changes.outputs.readers == 'true'
        uses: schemathesis/action@v1
        with:
          schema: api/openapi/readers.yml
          base-url: ${{ env.TIMESCALE_READER_URL }}
          checks: all
          report: false
          args: '--header "Authorization: Bearer ${{ env.USER_TOKEN }}" --contrib-openapi-formats-uuid --hypothesis-suppress-health-check=filter_too_much --stateful=links'

      - name: Stop containers
        if: always()
        run: make run down args="-v" && make run_addons down args="-v"