name: tests

on:
  push:
    branches: [master, main]
    tags-ignore: ['**']
  pull_request: {}

jobs: # Docs: <https://git.io/JvxXE>
  gitleaks:
    name: Gitleaks
    runs-on: ubuntu-20.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Check for GitLeaks
        uses: zricethezav/gitleaks-action@v1.6.0 # Action page: <https://github.com/zricethezav/gitleaks-action>

  build-image:
    name: Build docker image
    runs-on: ubuntu-20.04
    steps:
      - name: Check out code
        uses: actions/checkout@v3

      - name: Build docker image
        run: docker build -f ./Dockerfile --tag 3proxy:local .

      - name: Scan image
        uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
        with:
          image: 3proxy:local
          fail-build: true
          severity-cutoff: low # negligible, low, medium, high or critical

      - name: Save docker image
        run: docker save 3proxy:local > ./docker-image.tar

      - name: Upload artifact
        uses: actions/upload-artifact@v2
        with:
          name: docker-image
          path: ./docker-image.tar
          retention-days: 1

  scan-image:
    name: Scan docker image
    runs-on: ubuntu-20.04
    needs: [build-image]
    steps:
      - name: Download built docker image
        uses: actions/download-artifact@v2
        with:
          name: docker-image
          path: .artifact

      - name: Prepare image to run
        working-directory: .artifact
        run: docker load < docker-image.tar

      - name: Scan image
        uses: anchore/scan-action@v3 # action page: <https://github.com/anchore/scan-action>
        with:
          image: 3proxy:local
          fail-build: true
          severity-cutoff: low # negligible, low, medium, high or critical

  try-to-use:
    name: Build and use docker image (auth ${{ matrix.auth }})
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      matrix:
        auth: [yes, no]
    needs: [build-image]
    steps:
      - name: Download builded docker image
        uses: actions/download-artifact@v2
        with:
          name: docker-image
          path: .artifact

      - name: Prepare image to run
        working-directory: .artifact
        run: docker load < docker-image.tar

      - name: Start server without auth setup
        if: matrix.auth != 'yes'
        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" 3proxy:local

      - name: Start server with auth setup
        if: matrix.auth == 'yes'
        run: docker run --rm -d -p "3128:3128/tcp" -p "1080:1080/tcp" -e "PROXY_LOGIN=evil" -e "PROXY_PASSWORD=live" 3proxy:local

      - name: Pause
        run: sleep 3

      - name: Try to use HTTP proxy
        if: matrix.auth != 'yes'
        run: |
          curl -v --fail \
            --proxy http://127.0.0.1:3128 \
            --connect-timeout 3 \
            --max-time 3 \
            https://www.cloudflare.com/robots.txt

      - name: Try to use SOCKS proxy
        if: matrix.auth != 'yes'
        run: |
          curl -v --fail \
            --proxy socks5://127.0.0.1:1080 \
            --connect-timeout 3 \
            --max-time 3 \
            https://www.cloudflare.com/robots.txt

      - name: Try to use HTTP proxy (with auth)
        if: matrix.auth == 'yes'
        run: |
          curl -v --fail \
            --proxy http://127.0.0.1:3128 \
            --proxy-user evil:live \
            --connect-timeout 3 \
            --max-time 3 \
            https://www.cloudflare.com/robots.txt

      - name: Try to use SOCKS proxy (with auth)
        if: matrix.auth == 'yes'
        run: |
          curl -v --fail \
            --proxy socks5://127.0.0.1:1080 \
            --proxy-user evil:live \
            --connect-timeout 3 \
            --max-time 3 \
            https://www.cloudflare.com/robots.txt

      - name: Stop container
        run: docker stop $(docker ps -a --filter ancestor=3proxy:local -q)