name: Test Puppet

on:
  push:
    branches:
      - main
      - patch-*
  pull_request:
    paths:
      - 'ee/tools/puppet/fleetdm/**'
      - '.github/workflows/test-puppet.yml'
  workflow_dispatch: # Manual

# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}}
  cancel-in-progress: true

defaults:
  run:
    # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

permissions:
  contents: read

jobs:
  test-puppet:
    runs-on: macos-latest
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
      with:
        egress-policy: audit

    - name: Install Puppet Development Kit
      run: brew install --cask puppetlabs/puppet/pdk 

    - name: Checkout Code
      uses: actions/checkout@629c2de402a417ea7690ca6ce3f33229e27606a5 # v2
      with:
        fetch-depth: 0

    - name: Install Ruby Gems
      working-directory: ./ee/tools/puppet/fleetdm/
      run: /opt/puppetlabs/pdk/bin/pdk bundle install

    - name: Run Tests
      working-directory: ./ee/tools/puppet/fleetdm/
      run: /opt/puppetlabs/pdk/bin/pdk test unit

    - name: Run Rubocop
      working-directory: ./ee/tools/puppet/fleetdm/
      run: /opt/puppetlabs/pdk/bin/pdk bundle exec rubocop

    - name: Run Linter
      working-directory: ./ee/tools/puppet/fleetdm/
      run: /opt/puppetlabs/pdk/bin/pdk bundle exec puppet-lint .