sharenet/.forgejo/workflows/ci.yml

name: Podman Rootless Demo
on: [push, pull_request]

jobs:
  test-backend:
    runs-on: [ci]

    # Point all steps at the host's rootless Podman socket
    env:
      # Point the client at the mounted socket
      CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
      # Make sure podman looks in the correct runtime dir hierarchy
      XDG_RUNTIME_DIR: /tmp
      RUN_ID: ${{ github.run_id }}
      POSTGRES_IMG_DIGEST: ${{ secrets.POSTGRES_IMG_DIGEST }}
      RUST_IMG_DIGEST: ${{ secrets.RUST_IMG_DIGEST }}

    steps:
      - name: Checkout code
        uses: actions/checkout@v4


      - name: Verify socket visibility
        run: |
          set -euo pipefail
          id -u; id -g
          ls -ld /run/user/1001/podman
          ls -l  /run/user/1001/podman/podman.sock
          test -S /run/user/1001/podman/podman.sock

      - name: Use host rootless Podman
        run: |
          set -euo pipefail
          podman --remote info --format '{{.Host.RemoteSocket.Path}} (remote={{.Host.RemoteSocket.Exists}})'
          podman --remote version
          podman --remote run --rm alpine:3.20 echo "Hello from host rootless Podman!"

      - name: Create internal network
        run: podman --remote network create --internal integ-${{ env.RUN_ID }}

      - name: Start PostgreSQL
        run: |  
          podman --remote run -d \
            --name test-postgres-${{ env.RUN_ID }} \
            --network integ-${{ env.RUN_ID }} \
            -e POSTGRES_PASSWORD=password \
            -e POSTGRES_USER=postgres \
            -e POSTGRES_DB=sharenet_test \
            "$POSTGRES_IMG_DIGEST"

      - name: Wait for PostgreSQL
        run: |
          timeout 60 bash -euc '
            until podman --remote exec test-postgres-${{ env.RUN_ID }} \
              pg_isready -h 127.0.0.1 -p 5432 -U postgres; do
              sleep 1
            done
          '

      - name: Ensure host Cargo cache directory exists
        run: |
          podman --remote run --rm \
            -v /home/ci-service/.cache:/c \
            alpine:3.20 sh -lc 'mkdir -p /c/cargo'

      - name: Run backend tests (tar-pipe, no bind mount of source)
        run: |
          set -euo pipefail
          set -o pipefail
          tar --exclude .git --exclude target -C "$GITHUB_WORKSPACE" -cf - . | \
          podman --remote run --rm -i \
            --network integ-${{ env.RUN_ID }} \
            -e CARGO_HOME=/cargo \
            -e DATABASE_URL=postgres://postgres:password@test-postgres-${{ env.RUN_ID }}:5432/sharenet_test \
            -v /home/ci-service/.cache/cargo:/cargo \
            "$RUST_IMG_DIGEST" \
            sh -euxc '
              mkdir -p /workspace
              tar -x -C /workspace
              cd /workspace
              cargo test --lib -- --test-threads=1
            '

      - name: Cleanup
        if: always()
        run: |
          podman --remote rm -f test-postgres-${{ env.RUN_ID }} 2>/dev/null || true
          podman --remote network rm integ-${{ env.RUN_ID }} 2>/dev/null || true

      - name: Debug DB (on failure)
        if: failure()
        run: podman --remote logs --tail=200 test-postgres-${{ env.RUN_ID }} || true