name: test-e2e
on:
  pull_request:
    paths-ignore:
      - 'README.md'
      - 'CHANGELOG.md'
      - '.changelog/**'
      - '.tours/**'
      - 'contributing/**'
      - 'demo/**'
      - 'dev/**'
      - 'integrations/**'
      - 'pkg/**'
      - 'scripts/**'
      - 'terraform/**'
      - 'ui/**'
      - 'website/**'
  push:
    branches:
      - main
      - release/**
    paths-ignore:
      - 'README.md'
      - 'CHANGELOG.md'
      - '.changelog/**'
      - '.tours/**'
      - 'contributing/**'
      - 'demo/**'
      - 'dev/**'
      - 'integrations/**'
      - 'pkg/**'
      - 'scripts/**'
      - 'terraform/**'
      - 'ui/**'
      - 'website/**'

jobs:
  test-e2e-vault:
    runs-on: ${{ endsWith(github.repository, '-enterprise') && fromJSON('["self-hosted", "ondemand", "linux"]') || 'ubuntu-latest' }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Retrieve Vault-hosted Secrets
        if: endsWith(github.repository, '-enterprise')
        id: vault
        uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
        with:
          url: ${{ vars.CI_VAULT_URL }}
          method: ${{ vars.CI_VAULT_METHOD }}
          path: ${{ vars.CI_VAULT_PATH }}
          jwtGithubAudience: ${{ vars.CI_VAULT_AUD }}
          secrets: |-
            kv/data/github/hashicorp/nomad-enterprise/gha ELEVATED_GITHUB_TOKEN ;
      - name: Git config token
        if: endsWith(github.repository, '-enterprise')
        run: git config --global url.'https://${{ env.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com'
      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
        with:
          cache: ${{ contains(runner.name, 'Github Actions') }}
          go-version-file: .go-version
          cache-dependency-path: '**/go.sum'
      - run: make deps
      - name: Vault Compatability
        run: make integration-test
      - run: make e2e-test

  test-e2e-consul:
    runs-on: 'ubuntu-22.04' # this job requires sudo, so not currently suitable for self-hosted runners
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Git config token
        if: endsWith(github.repository, '-enterprise')
        run: git config --global url.'https://${{ secrets.ELEVATED_GITHUB_TOKEN }}@github.com'.insteadOf 'https://github.com'
      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
        with:
          cache: ${{ contains(runner.name, 'Github Actions') }}
          go-version-file: .go-version
          cache-dependency-path: '**/go.sum'
      - name: Consul Compatability
        run: |
          make deps
          sudo make cni
          sudo sed -i 's!Defaults!#Defaults!g' /etc/sudoers
          sudo -E env "PATH=$PATH" make integration-test-consul

permissions:
  contents: read
  id-token: write