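# CI workflow: runs the backend test suite against a throwaway PostgreSQL
# container on an isolated, per-run container network.
name: CI/CD Pipeline with Direct Podman Access

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  REGISTRY: ${{ secrets.REGISTRY_HOST }}
  APP_NAME: ${{ secrets.APP_NAME }}
  IMAGE_TAG: ${{ github.sha }}
  # Used to give containers and networks a name unique to this run.
  RUN_ID: ${{ github.run_id }}
  # Your other env vars...
  # NOTE(review): RUST_IMG_DIGEST, NODE_IMG_DIGEST and POSTGRES_IMG_DIGEST are
  # read by the steps below but are not defined in the part of the file shown
  # here; presumably they belong to the elided variables. Each must be a full
  # `name@sha256:<64 hex>` reference.

jobs:
  test-backend:
    runs-on: [ci]
    container:
      # Job image is pinned by digest, so the toolchain cannot change silently.
      image: git.gcdo.org/devteam/sharenet/ci-node-podman@sha256:eb0d942bd9a8cc69c63eb9ccf3877703898d676d0268cf379defdcda7e55f37f
    steps:
      # NOTE(review): `@v4` is a mutable tag, unlike the digest-pinned images
      # used elsewhere in this job. Consider pinning to a full commit SHA,
      # e.g. actions/checkout@<FULL_COMMIT_SHA>.
      - uses: actions/checkout@v4

      # Diagnostics only: the probes fall back to an echo instead of failing.
      - name: Debug environment
        run: |
          echo "Current user: $(id)"
          echo "DOCKER_HOST: $DOCKER_HOST"
          ls -la /run/ || echo "No /run directory"
          which podman || echo "Podman not found"
          podman --version || echo "Podman command failed"

      - name: Test Podman access
        run: |
          # Probe the container engine with the podman CLI (best effort).
          podman info || echo "podman info failed"
          podman ps || echo "podman ps failed"

      # Fail fast unless every image variable is set and is a digest reference
      # (`<anything>@sha256:<64 lowercase hex>`), so no step can pull a
      # mutable tag. NODE_IMG_DIGEST is checked here although the steps shown
      # in this job do not use it.
      - name: Verify pinned digests
        # `${!v}` is bash indirect expansion and is a syntax error in POSIX
        # sh; the default shell of a container job is not guaranteed to be
        # bash, so request it explicitly.
        shell: bash
        run: |
          for v in RUST_IMG_DIGEST NODE_IMG_DIGEST POSTGRES_IMG_DIGEST; do
            [ -n "${!v}" ] || { echo "Missing $v"; exit 1; }
            echo "${!v}" | grep -Eq '^.+@sha256:[0-9a-f]{64}$' || { echo "$v must be a digest ref"; exit 1; }
          done

      # `--internal` gives the test containers a network with no external
      # connectivity; the run id keeps concurrent runs from colliding.
      - name: Create internal network
        run: docker network create --internal integ-${{ env.RUN_ID }}

      # Throwaway credentials for an ephemeral database that is attached only
      # to the internal network above and removed in the Cleanup step; they
      # must not be reused outside this job.
      - name: Start PostgreSQL
        run: |
          docker run -d \
            --name test-postgres-${{ env.RUN_ID }} \
            --network integ-${{ env.RUN_ID }} \
            -e POSTGRES_PASSWORD=password \
            -e POSTGRES_USER=postgres \
            -e POSTGRES_DB=sharenet_test \
            "$POSTGRES_IMG_DIGEST"

      # Poll pg_isready inside the database container once per second and
      # give up (failing the step) after 60 seconds.
      - name: Wait for PostgreSQL
        run: |
          timeout 60 bash -c '
            until docker exec test-postgres-${{ env.RUN_ID }} pg_isready -h 127.0.0.1 -p 5432 -U postgres; do
              sleep 1
            done
          '

      # The checkout is bind-mounted into the digest-pinned Rust image and the
      # tests reach the database by container name over the internal network.
      - name: Run backend tests
        run: |
          docker run --rm \
            -v "$PWD":/workspace \
            -w /workspace \
            --network integ-${{ env.RUN_ID }} \
            -e DATABASE_URL=postgres://postgres:password@test-postgres-${{ env.RUN_ID }}:5432/sharenet_test \
            "$RUST_IMG_DIGEST" \
            sh -c "cargo test --lib -- --test-threads=1"

      # Always runs, even after a failed step; errors are ignored so a
      # resource that was never created does not fail the job.
      - name: Cleanup
        if: always()
        run: |
          docker rm -f test-postgres-${{ env.RUN_ID }} 2>/dev/null || true
          docker network rm integ-${{ env.RUN_ID }} 2>/dev/null || true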