.github/workflows/pr.yml

name: PR validation

on:
  pull_request:
    types: [ready_for_review, opened, synchronize, reopened, edited]
    branches:
      - main

concurrency:
  cancel-in-progress: true
  group: ${{ github.workflow }}-${{ github.ref }}

jobs:
  curl-npm-registry:
    name: curl npm registry
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: curl npm registry
        run: curl https://registry.npmjs.org/@mands%2fnx-playwright

      - name: Try gh command-line tool with SAML_ACCOUNT_TOKEN
        env:
          GH_TOKEN: ${{ secrets.SAML_ACCOUNT_TOKEN }}
          GITHUB_TOKEN: ''
        run: |
          # Reference: https://cli.github.com/manual/
          set -x
          gh auth token
          gh auth status
          gh org list
          gh status

      - name: Try gh command-line tool with GITHUB_TOKEN
        if: always()
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_TOKEN: ''
        run: |
          # Reference: https://cli.github.com/manual/
          set -x
          gh auth token
          gh auth status
          gh org list
          gh status

      - name: Check validity of SAML_ACCOUNT_TOKEN
        if: always()
        env:
          SAML_ACCOUNT_TOKEN: ${{ secrets.SAML_ACCOUNT_TOKEN }}
        run: |
          set -x
          # Trying solution described here:
          # https://onecompiler.com/questions/3uxsn58yz/how-to-test-a-github-access-token-is-valid
          curl -v -H "Authorization: token ${SAML_ACCOUNT_TOKEN}" https://api.github.com/issues

          # Now from here:
          # https://docs.github.com/en/rest/issues/issues?apiVersion=2022-11-28
          curl -L \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer ${SAML_ACCOUNT_TOKEN}" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            https://api.github.com/issues

  secret-scan:
    name: Secret scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Scan for secrets
        uses: edplato/trufflehog-actions-scan@master
        with:
          scanArguments: '--regex -x=truffle-hog-exclude.txt'

  code-quality:
    name: Code quality
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Run linters
        run: pnpm nx run-many --target=lint --all

      - name: Run unit tests
        run: pnpm nx run-many --target=test --codeCoverage --all

      - name: Build plugin
        run: pnpm nx build nx-playwright

  version-check:
    name: Version check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Check version
        run: pnpm ts-node ci/version-check

  test-plugin-generation:
    name: Test plugin generation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - uses: ./.github/actions/prepare

      - name: Test plugin generation
        run: |
          set -x
          NX_WORKSPACE=test-nx
          NX_APP=test-app

          pushd ..
          echo "Create a new workspace to test with"
          pnpm create nx-workspace \
            --name=$NX_WORKSPACE --appName=$NX_APP \
            --preset=next --style=@emotion/styled \
            --e2eTestRunner=playwright --nextAppDir=false \
            --nxCloud=skip --interactive=false < /dev/null

          pushd $NX_WORKSPACE

          echo "Remove autogenerated e2e app"
          pnpm nx generate remove $NX_APP-e2e
          git \
            -c user.name="pr-bot" \
            -c user.email="pr-bot@mnscorp.net" \
            commit -am "Remove $NX_APP-e2e"
          popd
          popd

          #!/bin/bash

          echo "Add serve target to nx next app"
          ./scripts/add-serve-target.sh -w ../$NX_WORKSPACE -a $NX_APP

          echo "Test ./scripts/local-test.sh (with cleanup flag)"
          ./scripts/local-test.sh -w ../$NX_WORKSPACE -a $NX_APP
          test -z "$(git status --porcelain)"

  pr-validation:
    name: PR validation
    needs: [code-quality, secret-scan, version-check, test-plugin-generation]
    if: ${{ always() }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4.2.2

      - name: Check jobs for errors
        uses: actions/github-script@v6.4.1
        with:
          script: |
            const checkJobsForErrors = require('./.github/workflows/js/check-jobs-for-errors.js');
            const jobs = ${{ toJSON(needs) }};
            checkJobsForErrors({ core, jobs });