# These tests ensure that changes to the faucet itself or its code dependencies don't
# cause the faucet to stop working with the production (devnet and testnet) networks.
#
# For tests that prevent the node from breaking compatibility with the faucet, see
# faucet-tests-main.
#
# These tests use node images built from devnet / testnet so we don't need to use
# workflow_call to wait for the image build to finish.

name: "Faucet Integration Tests: Prod"
on:
  pull_request_target:
    types: [labeled, opened, synchronize, reopened, auto_merge_enabled]
  push:
    branches:
      - main

permissions:
  contents: read
  id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry

jobs:
  # Note on the job-level `if` conditions:
  # This workflow is designed such that we run subsequent jobs only when a 'push'
  # triggered the workflow or on 'pull_request's which have set auto_merge=true
  # or have the label "CICD:run-e2e-tests".
  permission-check:
    runs-on: ubuntu-latest
    steps:
      - name: Check repository permission for user which triggered workflow
        uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c
        with:
          required-permission: write
          comment-not-permitted: Sorry, you don't have permission to trigger this workflow.

  # These tests ensure that the faucet works with the nodes running on devnet.
  run-tests-devnet:
    if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests')
    needs: [permission-check]
    runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }}
    steps:
      - uses: actions/checkout@v4
      - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main
        with:
          GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }}
          GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }}
      - uses: ./.github/actions/run-faucet-tests
        with:
          NETWORK: devnet
          GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}

  # These tests ensure that the faucet works with the nodes running on testnet.
  run-tests-testnet:
    if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests')
    needs: [permission-check]
    runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }}
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main
        with:
          GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }}
          GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }}
      - uses: ./.github/actions/run-faucet-tests
        with:
          NETWORK: testnet
          GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}