name: 'test'

on:
  push:
    branches:
    - 'main'
  pull_request:
    branches:
    - 'main'

jobs:
  unit:
    name: 'unit'
    runs-on: 'ubuntu-latest'

    steps:
    - uses: 'actions/checkout@v2'

    - uses: 'actions/setup-node@v2'
      with:
        node-version: '12.x'

    - name: 'npm install'
      run: 'npm install'

    - name: 'npm lint'
      run: 'npm run lint'

    - name: 'npm test'
      run: 'npm run test'

  credentials_file:
    name: 'credentials_file'
    permissions:
      id-token: 'write'
      contents: 'read'
    runs-on: '${{ matrix.operating-system }}'
    strategy:
      fail-fast: false
      matrix:
        operating-system:
        - 'ubuntu-latest'
        - 'windows-latest'
        - 'macos-latest'

    steps:
    - uses: 'actions/checkout@v2'

    - uses: 'actions/setup-node@v2'
      with:
        node-version: '12.x'

    - uses: 'google-github-actions/setup-gcloud@master'
      with:
        project_id: 'actions-oidc-test'

    - id: 'auth'
      name: 'auth'
      uses: './'
      with:
        create_credentials_file: true
        workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
        service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'

    - id: 'gcloud'
      name: 'gcloud'
      run: |-
        gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}"
        gcloud secrets versions access "latest" --secret "my-secret"

  access_token:
    name: 'access_token'
    permissions:
      id-token: 'write'
      contents: 'read'
    runs-on: 'ubuntu-latest'
    strategy:
      fail-fast: false

    steps:
    - uses: 'actions/checkout@v2'

    - uses: 'actions/setup-node@v2'
      with:
        node-version: '12.x'

    - id: 'auth'
      name: 'auth'
      uses: './'
      with:
        token_format: 'access_token'
        workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
        service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'

  id_token:
    name: 'id_token'
    permissions:
      id-token: 'write'
      contents: 'read'
    runs-on: 'ubuntu-latest'
    strategy:
      fail-fast: false

    steps:
    - uses: 'actions/checkout@v2'

    - uses: 'actions/setup-node@v2'
      with:
        node-version: '12.x'

    - id: 'auth'
      name: 'auth'
      uses: './'
      with:
        token_format: 'id_token'
        workload_identity_provider: 'projects/469401941463/locations/global/workloadIdentityPools/github-actions/providers/google-github-actions'
        service_account: 'github-secret-accessor@actions-oidc-test.iam.gserviceaccount.com'
        id_token_audience: 'my-aud'
        id_token_include_email: true