name: Acceptance test

on:
  workflow_call:
    inputs:
      secret:
        required: true
        type: string
      secret-in-section:
        required: true
        type: string
      multiline-secret:
        required: true
        type: string
      export-env:
        required: true
        type: boolean

jobs:
  acceptance-test:
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
        auth: [connect, service-account]
        exclude:
          - os: macos-latest
            auth: connect
    runs-on: ${{ matrix.os }}
    steps:
      - name: Base checkout
        uses: actions/checkout@v4
      - name: Launch 1Password Connect instance
        if: ${{ matrix.auth == 'connect' }}
        env:
          OP_CONNECT_CREDENTIALS: ${{ secrets.OP_CONNECT_CREDENTIALS }}
        run: |
          echo "$OP_CONNECT_CREDENTIALS" > 1password-credentials.json
          docker compose -f tests/fixtures/docker-compose.yml up -d && sleep 10
      - name: Configure Service account
        if: ${{ matrix.auth == 'service-account' }}
        uses: ./configure
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
      - name: Configure 1Password Connect
        if: ${{ matrix.auth == 'connect' }}
        uses: ./configure # 1password/load-secrets-action/configure@<version>
        with:
          connect-host: http://localhost:8080
          connect-token: ${{ secrets.OP_CONNECT_TOKEN }}
      - name: Load secrets
        id: load_secrets
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          export-env: ${{ inputs.export-env }}
        env:
          SECRET: ${{ inputs.secret }}
          SECRET_IN_SECTION: ${{ inputs.secret-in-section }}
          MULTILINE_SECRET: ${{ inputs.multiline-secret }}
      - name: Assert test secret values [step output]
        if: ${{ !inputs.export-env }}
        env:
          SECRET: ${{ steps.load_secrets.outputs.SECRET }}
          SECRET_IN_SECTION: ${{ steps.load_secrets.outputs.SECRET_IN_SECTION }}
          MULTILINE_SECRET: ${{ steps.load_secrets.outputs.MULTILINE_SECRET }}
        run: ./tests/assert-env-set.sh
      - name: Assert test secret values [exported env]
        if: ${{ inputs.export-env }}
        run: ./tests/assert-env-set.sh
      - name: Remove secrets [exported env]
        if: ${{ inputs.export-env }}
        uses: ./ # 1password/load-secrets-action@<version>
        with:
          unset-previous: true
      - name: Assert removed secrets [exported env]
        if: ${{ inputs.export-env }}
        run: ./tests/assert-env-unset.sh