.github/workflows/ci.yml

name: CI
on:
  - push

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      db:
        image: postgres:16
        env:
          POSTGRES_PASSWORD: postgres
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - name: Install packages
        run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips postgresql-client

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          lfs: true

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true

      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Enable Corepack
        run: corepack enable
      - name: Get yarn cache directory path
        id: yarn-cache-dir-path
        run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
      - name: Manage yarn, webpack and assets cache
        uses: actions/cache@v4
        # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
        id: yarn-cache
        with:
          path: |
            ${{ steps.yarn-cache-dir-path.outputs.dir }}
            public/assets
            public/packs-test
            tmp/cache
            tmp/shakapacker
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-
      - name: Install yarn packages
        run: yarn install --immutable

      - name: Prepare config files
        run: |
          cp config/action_mailer.yml.ci config/action_mailer.yml
          cp config/content_security_policy.yml.ci config/content_security_policy.yml
          cp config/database.yml.ci config/database.yml
          cp config/mnemosyne.yml.ci config/mnemosyne.yml

      - name: Prepare database
        env:
          RAILS_ENV: test
        run: bundler exec rake db:prepare
      - name: Precompile assets
        env:
          RAILS_ENV: test
        run: bundler exec rake assets:precompile
      - name: Run tests
        env:
          RAILS_ENV: test
          CC_TEST_REPORTER_ID: true
        run: bundle exec rspec --color --format RSpec::Github::Formatter --format progress

      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@v4
        if: ${{ success() || failure() }}
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

      - name: Keep screenshots from failed system specs
        uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: screenshots
          path: ${{ github.workspace }}/tmp/screenshots
          if-no-files-found: ignore

  lint:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true

      - name: Run rubocop
        uses: reviewdog/action-rubocop@v2
        with:
          filter_mode: nofilter
          rubocop_version: gemfile
          rubocop_extensions: rubocop-rails:gemfile rubocop-rspec:gemfile rubocop-performance:gemfile
          rubocop_flags: --parallel
          reporter: github-check
          skip_install: true
          use_bundler: true
          fail_on_error: true

  slim-lint:
    permissions:
      # Required: Allow read access to the content for analysis.
      contents: read
      # Required: Allow write access to checks to allow the action to annotate code in the PR.
      checks: write

    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true

      - name: Run slim-lint
        run: bundle exec slim-lint app/views --reporter checkstyle > checkstyle-result.xml

      - name: Upload slim-lint results as GitHub annotations
        uses: lcollins/checkstyle-github-action@v3.1.0
        # Only create GitHub annotations for the main repo (disable for forks):
        if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
        with:
          name: Slim-Lint Report
          title: Analyze Slim templates for linting issues
          path: checkstyle-result.xml

  scan_ruby:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: .ruby-version
          bundler-cache: true

      - name: Scan for common Rails security vulnerabilities using static analysis
        uses: reviewdog/action-brakeman@v2
        with:
          filter_mode: nofilter
          reporter: github-check
          skip_install: true
          use_bundler: true
          fail_on_error: true