name: reusable-unit 

on:
  workflow_call:
    inputs:
      directory:
        required: true
        type: string
      runs-on:
        description: An expression indicating which kind of runners to use.
        required: true
        type: string
      go-arch:
        required: false
        type: string
        default: ""
      uploaded-binary-name:
        required: false
        type: string
        default: "consul-bin" 
      package-names-command:
        required: false
        type: string
        default: 'go list -tags "$GOTAGS" ./...'
      go-test-flags:
        required: false
        type: string
        default: ""
      repository-name:
        required: true
        type: string
      go-tags:
        required: false
        type: string
        default: ""
      go-version:
        required: false
        type: string
        default: ""
    secrets:
      elevated-github-token:
        required: true
      consul-license:
        required: true
      datadog-api-key:
        required: true
env:
  TEST_RESULTS: /tmp/test-results
  GOTESTSUM_VERSION: "1.10.1"
  GOARCH: ${{inputs.go-arch}}
  CONSUL_LICENSE: ${{secrets.consul-license}}
  GOTAGS: ${{ inputs.go-tags}}
  GOPRIVATE: github.com/hashicorp # Required for enterprise deps
  DATADOG_API_KEY: ${{secrets.datadog-api-key}}
  
jobs:
  go-test:
    runs-on: ${{ fromJSON(inputs.runs-on) }}
    steps:      
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
      # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos.
      - name: Setup Git
        if: ${{ endsWith(inputs.repository-name, '-enterprise') }}
        run: git config --global url."https://${{ secrets.elevated-github-token }}:@github.com".insteadOf "https://github.com"
      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        if: ${{ inputs.go-version != '' }}
        with:
          go-version: ${{ inputs.go-version }}
          cache: true
      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
        if: ${{ inputs.go-version == '' }}
        with:
          go-version-file: 'go.mod'
          cache: true
      - run: mkdir -p ${{env.TEST_RESULTS}}
      - name: go mod download
        working-directory: ${{inputs.directory}}
        run: go mod download
      - name: Download consul
        uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
        with:
          name: ${{inputs.uploaded-binary-name}}
          path: ${{inputs.directory}}
      - name: Display downloaded file
        run: ls -ld consul 
        working-directory: ${{inputs.directory}}
      - run: echo "$GITHUB_WORKSPACE/${{inputs.directory}}" >> $GITHUB_PATH
      - name: Make sure consul is executable
        run: chmod +x $GITHUB_WORKSPACE/${{inputs.directory}}/consul
      - run: go env
      - name: Run tests 
        working-directory: ${{inputs.directory}}
        run: |
            PACKAGE_NAMES=$(${{inputs.package-names-command}})
            
            # some tests expect this umask, and arm images have a different default
            umask 0022

            ${{inputs.go-test-flags}}

            go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \
              --format=short-verbose \
              --jsonfile /tmp/jsonfile/go-test.log \
              --debug \
              --rerun-fails=3 \
              --rerun-fails-max-failures=40 \
              --rerun-fails-report=/tmp/gotestsum-rerun-fails \
              --packages="$PACKAGE_NAMES" \
              --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \
              -tags="${{env.GOTAGS}}" \
              ${GO_TEST_FLAGS-} \
              -cover -coverprofile=coverage.txt \
              -timeout=30m

      # NOTE: ENT specific step as we store secrets in Vault.
      - name: Authenticate to Vault
        if: ${{ endsWith(github.repository, '-enterprise') }}
        id: vault-auth
        run: vault-auth

      # NOTE: ENT specific step as we store secrets in Vault.
      - name: Fetch Secrets
        if: ${{ endsWith(github.repository, '-enterprise') }}
        id: secrets
        uses: hashicorp/vault-action@v2.5.0
        with:
          url: ${{ steps.vault-auth.outputs.addr }}
          caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }}
          token: ${{ steps.vault-auth.outputs.token }}
          secrets: |
              kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY;

      - name: prepare datadog-ci
        if: ${{ !endsWith(github.repository, '-enterprise') }}
        run: |
          curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci"
          chmod +x /usr/local/bin/datadog-ci

      - name: upload coverage
        # do not run on forks
        if: ${{ env.DATADOG_API_KEY}}
        env:
          DD_ENV: ci
        run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" ${{env.TEST_RESULTS}}/gotestsum-report.xml

      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: test-results
          path: ${{env.TEST_RESULTS}}
      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
        with:
          name: jsonfile
          path: /tmp/jsonfile
      - name: "Re-run fails report"
        run: |
          .github/scripts/rerun_fails_report.sh /tmp/gotestsum-rerun-fails