name: migrations
on: pull_request

# Cancel in progress workflows on pull_requests.
# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-a-fallback-value
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

defaults:
  run:
    # the default default is:
    #      bash --noprofile --norc -eo pipefail {0}
    shell: bash --noprofile --norc -eo pipefail -ux {0}

jobs:
  did-migration-change:
    name: check if any migration changes
    runs-on: ubuntu-22.04
    timeout-minutes: 3
    # Map a step output to a job output
    outputs:
      added: ${{ steps.changes.outputs.migrations_added }}
      modified: ${{ steps.changes.outputs.migrations_modified }}
    steps:
      - name: Checkout sentry
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0

      - name: Match migration files
        uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0.0
        id: changes
        with:
          token: ${{ github.token }}
          filters: .github/file-filters.yml

  check-migration-approval:
    name: check if migration is approved
    runs-on: ubuntu-22.04
    timeout-minutes: 3
    needs: did-migration-change
    if: needs.did-migration-change.outputs.added == 'true'
    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          persist-credentials: false

      - name: getsentry token
        uses: getsentry/action-github-app-token@97c9e23528286821f97fba885c1b1123284b29cc # v2.0.0
        id: getsentry
        with:
          app_id: ${{ vars.SENTRY_INTERNAL_APP_ID }}
          private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}

      - uses: actions/github-script@d556feaca394842dc55e4734bf3bb9f685482fa0 # v6.3.3
        with:
          github-token: ${{ steps.getsentry.outputs.token }}
          script: |
            const {check} = require(`${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/team-approval-check`);
            await check({ github, context, core, team_slug: 'owners-migrations' });

  modified-migration:
    name: check if modified migration
    runs-on: ubuntu-22.04
    timeout-minutes: 4
    needs: did-migration-change
    if: needs.did-migration-change.outputs.modified == 'true'

    steps:
      - name: Failure because of modified migration
        run: |
          echo "If you have a valid reason to modify a migration please get approval"
          echo "from @getsentry/owners-migrations." && exit 1

  sql:
    name: Generate SQL
    runs-on: ubuntu-22.04
    timeout-minutes: 8
    strategy:
      matrix:
        pg-version: ['14']

    needs: did-migration-change
    if: needs.did-migration-change.outputs.added == 'true'

    steps:
      # Checkout master to run all merged migrations.
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          ref: master

      - name: Setup sentry env
        uses: ./.github/actions/setup-sentry
        with:
          pg-version: ${{ matrix.pg-version }}

      - name: Apply migrations
        run: |
          sentry upgrade --noinput

      # Checkout the current ref
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          clean: false

      - name: Get changed migration files
        id: file
        run: |
          echo 'added<<EOF' >> "$GITHUB_OUTPUT"
          git diff --diff-filter=A --name-only origin/master HEAD -- 'src/sentry/*/migrations/' 'src/sentry/migrations/' >> "$GITHUB_OUTPUT"
          echo 'EOF' >> "$GITHUB_OUTPUT"

      - name: Generate SQL for migration
        uses: getsentry/action-migrations@4d8ed0388dfc0774302bbfd5204e518f9ac4f066 # main
        env:
          SENTRY_LOG_LEVEL: ERROR
        with:
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          migration: ${{ steps.file.outputs.added }}