singleTenant_deploy_and_Integration_test_LatestVersion.yml

name: Single Tenant Deploy and Integration Test LatestVersion

# This workflow now runs ONLY after the main "Single Tenant Deploy and Integration Test" workflow
# (singleTenant_deploy_and_integration.yml) has completed successfully. It can still be
# triggered manually via workflow_dispatch if needed.
on:
  workflow_run:
    workflows: ["Single Tenant Deploy and Integration Test"]
    types: [completed]
  workflow_dispatch:

permissions:
  pull-requests: read
  packages: read  # Added permission to read packages

jobs:
  deploy:
    # Run only if the triggering workflow concluded successfully
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    runs-on: ubuntu-latest

    steps:
        
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          ref: develop

      - name: Set up Java 17
        uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: 'temurin'

      - name: Verify and Checkout Deploy Branch
        run: |
          git fetch origin
          if git rev-parse --verify origin/develop_deploy; then
            git checkout develop_deploy
          else
            echo "Branch 'develop_deploy' not found. Please verify the branch name."
            exit 1
          fi

      - name: Override cds.services.version (runtime only)
        env:
          TARGET_CDS_SERVICES_VERSION: 4.3.1
        run: |
          set -e
          echo "=== cds.services.version Override Step ==="
          echo "Target version to apply: ${TARGET_CDS_SERVICES_VERSION}"
          FILES=$(grep -Rl "<cds.services.version>" . | grep pom.xml || true)
          if [ -z "$FILES" ]; then
            echo "No pom.xml files with <cds.services.version> found" >&2; exit 1;
          fi
          echo "POM files containing property:"; echo "$FILES" | sed 's/^/  - /'

          echo "\nCurrent raw occurrences BEFORE override:"
          for f in $FILES; do
            # Show each occurrence with line number (first 3 if multiple)
            MATCHES=$(grep -n "<cds.services.version>" "$f" | head -3 || true)
            if [ -n "$MATCHES" ]; then
              echo "--- $f"; echo "$MATCHES"
            fi
          done

          echo "\nResolving effective value BEFORE override via mvn help:evaluate ..."
          RESOLVED_BEFORE=$(mvn -q -DforceStdout help:evaluate -Dexpression=cds.services.version || true)
          echo "Effective cds.services.version before override: '${RESOLVED_BEFORE}'"
          if [ "${RESOLVED_BEFORE}" = "${TARGET_CDS_SERVICES_VERSION}" ]; then
            echo "NOTE: Effective value already equals target; files will still be normalized to target string."
          fi

          echo "\nApplying override ..."
            # Perform in-place replacement for each file
          for f in $FILES; do
            sed -i "s|<cds.services.version>[^<]*</cds.services.version>|<cds.services.version>${TARGET_CDS_SERVICES_VERSION}</cds.services.version>|" "$f"
          done

          echo "\nRaw occurrences AFTER override:"
          grep -R "<cds.services.version>" $FILES || true

          echo "\nResolving effective value AFTER override via mvn help:evaluate ..."
          RESOLVED_AFTER=$(mvn -q -DforceStdout help:evaluate -Dexpression=cds.services.version || true)
          echo "Effective cds.services.version after override: '${RESOLVED_AFTER}'"
          if [ "${RESOLVED_AFTER}" != "${TARGET_CDS_SERVICES_VERSION}" ]; then
            echo "WARNING: Resolved value does not match target (profiles or parent POM could be overriding it)." >&2
          fi

          echo "(Not committing these changes)"
          echo "=== Override Step Complete ==="
        shell: bash

      - name: Deleting the sdm directory for fresh build
        run: |
          pwd
          cd
          rm -rf .m2/repository/com/sap/cds

      - name: Configure Maven for GitHub Packages
        run: |
          mkdir -p ~/.m2
          cat > ~/.m2/settings.xml <<EOF
          <settings>
            <servers>
              <server>
                <id>github-snapshot</id>
                <username>${{ github.actor }}</username>
                <password>${{ secrets.GITHUB_TOKEN }}</password>
              </server>
            </servers>
          </settings>
          EOF
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}


      # - name: Consume GitHub Packages (com.sap.cds.sdm-root and com.sap.cds.sdm)
      #   run: |
      #     mvn dependency:get -Dartifact=com.sap.cds:sdm-root:LATEST -DrepoUrl=https://maven.pkg.github.com/cap-java/sdm
      #     mvn dependency:get -Dartifact=com.sap.cds:sdm:LATEST -DrepoUrl=https://maven.pkg.github.com/cap-java/sdm

      - name: Prepare and Deploy to Cloud Foundry
        run: |
          echo "Current Branch......"
          git branch
          pwd
          cd /home/runner/work/sdm/sdm/cap-notebook/demoapp
          # Removing node_modules & package-lock.json
          cd app
          rm -rf node_modules package-lock.json

          npm i

          cd ..
          
          # Replace placeholder with actual REPOSITORY_ID value
          sed -i 's|__REPOSITORY_ID__|'${{ steps.set_repository_id.outputs.repository_id }}'|g' ./mta.yaml
          
          wget -P /tmp https://github.com/SAP/cloud-mta-build-tool/releases/download/v1.2.28/cloud-mta-build-tool_1.2.28_Linux_amd64.tar.gz
          tar -xvzf /tmp/cloud-mta-build-tool_1.2.28_Linux_amd64.tar.gz
          sudo mv mbt /usr/local/bin/

          mbt build
          
          # Install cf & login 
          wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key \
          | sudo tee /etc/apt/trusted.gpg.d/cloudfoundry.asc
          echo "deb https://packages.cloudfoundry.org/debian stable main" \
          | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
          sudo apt update
          sudo apt install cf8-cli
          
          # Install cf CLI plugin
          cf install-plugin multiapps -f

          # Login to Cloud Foundry again to ensure session is active
          cf login -a ${{ secrets.CF_API }} -u ${{ secrets.CF_USER }} -p ${{ secrets.CF_PASSWORD }} -o ${{ secrets.CF_ORG }} -s ${{ secrets.CF_SPACE }}

          # Deploy the application
          echo "Running cf deploy"
          cf deploy mta_archives/demoappjava_1.0.0.mtar -f

  integration-test:
    needs: deploy
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        tokenFlow: [namedUser, technicalUser]
        testClass: 
          - IntegrationTest_SingleFacet
          - IntegrationTest_MultipleFacet
          - IntegrationTest_Chapters_MultipleFacet

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6

      - name: Set up Java 17
        uses: actions/setup-java@v3
        with:
          java-version: 17
          distribution: 'temurin'
          cache: 'maven'

      - name: Cache CF CLI 📦
        id: cache-cf-cli
        uses: actions/cache@v4
        with:
          path: /usr/bin/cf8
          key: cf-cli-v8-${{ runner.os }}

      - name: Install Cloud Foundry CLI
        if: steps.cache-cf-cli.outputs.cache-hit != 'true'
        run: |
          wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
          echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
          sudo apt-get update
          sudo apt-get install cf8-cli

      - name: Install jq 📦
        run: |
          if ! command -v jq &> /dev/null; then
            sudo apt-get update && sudo apt-get install -y jq
          fi

      - name: Login to Cloud Foundry
        run: |
          cf login -a ${{ secrets.CF_API }} \
            -u ${{ secrets.CF_USER }} \
            -p ${{ secrets.CF_PASSWORD }} \
            -o ${{ secrets.CF_ORG }} \
            -s ${{ secrets.CF_SPACE }}

      - name: Fetch and Escape Client Secret
        id: fetch_secret
        run: |
          # Fetch the service instance GUID
          service_instance_guid=$(cf service demoappjava-public-uaa --guid)
          if [ -z "$service_instance_guid" ]; then
            echo "Error: Unable to retrieve service instance GUID"; exit 1;
          fi
          # Fetch the binding GUID
          bindings_response=$(cf curl "/v3/service_credential_bindings?service_instance_guids=${service_instance_guid}")
          
          binding_guid=$(echo $bindings_response | jq -r '.resources[0].guid')
          if [ -z "$binding_guid" ]; then
            echo "Error: Unable to retrieve binding GUID"; exit 1;
          fi
          
          # Fetch the clientSecret
          binding_details=$(cf curl "/v3/service_credential_bindings/${binding_guid}/details")
          clientSecret=$(echo "$binding_details" | jq -r '.credentials.clientsecret')
          if [ -z "$clientSecret" ] || [ "$clientSecret" == "null" ]; then
            echo "Error: clientSecret is not set or is null"; exit 1;
          fi
          
          # Escape any $ characters in the clientSecret
          escapedClientSecret=$(echo "$clientSecret" | sed 's/\$/\\$/g')
          echo "CLIENT_SECRET=$escapedClientSecret" >> $GITHUB_OUTPUT
      - name: Run integration tests (${{ matrix.tokenFlow }} - ${{ matrix.testClass }})
        env:
          CLIENT_SECRET: ${{ steps.fetch_secret.outputs.CLIENT_SECRET }}
        run: |
          echo "Starting integration tests for ${{ matrix.tokenFlow }} - ${{ matrix.testClass }}..."
          set -e  # Enable error checking
          PROPERTIES_FILE="sdm/src/test/resources/credentials.properties"
          # Gather secrets and other values
          appUrl="${{ secrets.CF_ORG }}-${{ secrets.CF_SPACE }}-demoappjava-srv.cfapps.eu12.hana.ondemand.com"
          authUrl="${{ secrets.CAPAUTH_URL }}"
          clientID="${{ secrets.CAPSDM_CLIENT_ID }}"
          clientSecret="${{ env.CLIENT_SECRET }}"
          username="${{ secrets.CF_USER }}"
          password="${{ secrets.CF_PASSWORD }}"
          noSDMRoleUsername="${{ secrets.NOSDMROLEUSERNAME }}"
          noSDMRoleUserPassword="${{ secrets.NOSDMROLEUSERPASSWORD }}"
          # Ensure all required variables are set
          if [ -z "$appUrl" ]; then echo "Error: appUrl is not set"; exit 1; fi
          if [ -z "$authUrl" ]; then echo "Error: authUrl is not set"; exit 1; fi
          if [ -z "$clientID" ]; then echo "Error: clientID is not set"; exit 1; fi
          if [ -z "$clientSecret" ]; then echo "Error: clientSecret is not set"; exit 1; fi
          if [ -z "$username" ]; then echo "Error: username is not set"; exit 1; fi
          if [ -z "$password" ]; then echo "Error: password is not set"; exit 1; fi
          if [ -z "$noSDMRoleUsername" ]; then echo "Error: noSDMRoleUsername is not set"; exit 1; fi
          if [ -z "$noSDMRoleUserPassword" ]; then echo "Error: noSDMRoleUserPassword is not set"; exit 1; fi
          # Update properties file with real values
          cat > "$PROPERTIES_FILE" <<EOL
          appUrl=$appUrl
          authUrl=$authUrl
          clientID=$clientID
          clientSecret=$clientSecret
          username=$username
          password=$password
          noSDMRoleUsername=$noSDMRoleUsername
          noSDMRoleUserPassword=$noSDMRoleUserPassword
          EOL
          # Run Maven integration tests
          echo "Running Maven integration tests for ${{ matrix.tokenFlow }} - ${{ matrix.testClass }}..."
          mvn clean verify -P integration-tests -DtokenFlow=${{ matrix.tokenFlow }} -DtenancyModel=single -DskipUnitTests -Dfailsafe.includes="**/${{ matrix.testClass }}.java"