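# CI workflow: runs the backend unit tests against a throwaway PostgreSQL
# container. Both containers are started through a rootless Podman socket
# and attached to a per-run internal network.
name: CI/CD Pipeline Simplified

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  # REGISTRY and APP_NAME come from the secret store and are exported to
  # every step, so no step should print environment values verbatim.
  REGISTRY: ${{ secrets.REGISTRY_HOST }}
  APP_NAME: ${{ secrets.APP_NAME }}
  IMAGE_TAG: ${{ github.sha }}
  RUN_ID: ${{ github.run_id }}
  # Your other env vars...
  # The steps below read RUST_IMG_DIGEST, NODE_IMG_DIGEST and
  # POSTGRES_IMG_DIGEST; each must be a name@sha256:<digest> reference.

jobs:
  test-backend:
    # NOTE(review): pull_request runs execute repository code on this runner
    # with access to the Podman socket; confirm that runs for pull requests
    # from untrusted forks require approval.
    runs-on: [ci]
    container:
      image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:eb0d942bd9a8cc69c63eb9ccf3877703898d676d0268cf379defdcda7e55f37f
    env:
      # Single definition of the socket path used by every podman call below.
      PODMAN_SOCK: /run/user/999/podman/podman.sock
    steps:
      # NOTE(review): the container images are digest-pinned, but this action
      # is referenced by a mutable tag; consider pinning it to a full commit
      # SHA as well.
      - uses: actions/checkout@v4

      - name: Debug container environment
        run: |
          echo "Current user: $(id)"
          # Names only: values may hold credentials, and log masking covers
          # only values the runner knows to be secrets.
          echo "Environment variable names:"
          bash -c 'compgen -e' | sort
          echo "Directory contents:"
          ls -la /
          ls -la /run/ || echo "No /run directory"
          ls -la /run/user/ || echo "No /run/user directory"
          echo "Testing Podman access:"
          podman --version || echo "Podman not available"
          which podman || echo "Podman not in PATH"

      - name: Verify Podman access
        run: |
          echo "Checking Podman socket..."
          ls -la "$(dirname "$PODMAN_SOCK")"
          test -S "$PODMAN_SOCK" && echo "Socket exists" || echo "Socket missing"
          podman --url "unix://$PODMAN_SOCK" info
          podman --url "unix://$PODMAN_SOCK" ps

      # Fails the job before any image is pulled if a reference is unset or
      # is not pinned by sha256 digest. Uses bash indirect expansion (${!v}).
      - name: Verify pinned digests
        run: |
          for v in RUST_IMG_DIGEST NODE_IMG_DIGEST POSTGRES_IMG_DIGEST; do
            [ -n "${!v}" ] || { echo "Missing $v"; exit 1; }
            echo "${!v}" | grep -Eq '^.+@sha256:[0-9a-f]{64}$' || { echo "$v must be a digest ref"; exit 1; }
          done

      # --internal: containers on this network get no route to the outside.
      # RUN_ID is read from the environment instead of being expanded into
      # the script text; it is the same value as env.RUN_ID.
      - name: Create internal network
        run: |
          podman --url "unix://$PODMAN_SOCK" network create --internal "integ-$RUN_ID"

      # Throwaway test credentials; the database is attached only to the
      # per-run internal network.
      - name: Start PostgreSQL
        run: |
          podman --url "unix://$PODMAN_SOCK" run -d \
            --name "test-postgres-$RUN_ID" \
            --network "integ-$RUN_ID" \
            -e POSTGRES_PASSWORD=password \
            -e POSTGRES_USER=postgres \
            -e POSTGRES_DB=sharenet_test \
            "$POSTGRES_IMG_DIGEST"

      # Polls pg_isready once per second and gives up after 60 seconds.
      # The single-quoted script is expanded by the inner bash, which
      # inherits PODMAN_SOCK and RUN_ID from the step environment.
      - name: Wait for PostgreSQL
        run: |
          timeout 60 bash -c '
            until podman --url "unix://$PODMAN_SOCK" exec "test-postgres-$RUN_ID" pg_isready -h 127.0.0.1 -p 5432 -U postgres; do
              sleep 1
            done
          '

      # NOTE(review): the bind-mount source is resolved by the Podman service
      # behind the socket; this assumes $PWD is the same path there - confirm.
      - name: Run backend tests
        run: |
          podman --url "unix://$PODMAN_SOCK" run --rm \
            -v "$PWD":/workspace \
            -w /workspace \
            --network "integ-$RUN_ID" \
            -e "DATABASE_URL=postgres://postgres:password@test-postgres-$RUN_ID:5432/sharenet_test" \
            "$RUST_IMG_DIGEST" \
            sh -c "cargo test --lib -- --test-threads=1"

      # Runs even when an earlier step failed so that no container or
      # network is left behind; errors are ignored (best effort).
      - name: Cleanup
        if: always()
        run: |
          podman --url "unix://$PODMAN_SOCK" rm -f "test-postgres-$RUN_ID" 2>/dev/null || true
          podman --url "unix://$PODMAN_SOCK" network rm "integ-$RUN_ID" 2>/dev/null || true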