name: Code Quality Checks

on:
  pull_request: { }
  push:
    branches: [ main, develop ]

# Enrich gradle.properties for CI/CD
env:
  CI_GRADLE_ARG_PROPERTIES: >
    -Porg.gradle.jvmargs=-Xmx4g
    -Porg.gradle.parallel=false
    --no-daemon

jobs:
  check:
    name: Project Check Suite
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run code quality check suite
        run: ./tools/check/check_code_quality.sh

  # Knit for all the modules (https://github.com/Kotlin/kotlinx-knit)
  knit:
    name: Knit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run knit
        run: |
          ./gradlew knit

  # ktlint for all the modules
  ktlint:
    name: Kotlin Linter
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('ktlint-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('ktlint-develop-{0}', github.sha) || format('ktlint-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v3
      - name: Run ktlint
        run: |
          ./gradlew ktlintCheck --continue
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: ktlinting-report
          path: |
            */build/reports/ktlint/ktlint*/ktlint*.txt
      - name: Prepare Danger
        if: always()
        run: |
          npm install --save-dev @babel/core
          npm install --save-dev @babel/plugin-transform-flow-strip-types
          yarn add danger-plugin-lint-report --dev
      - name: Danger lint
        if: always()
        uses: danger/danger-js@11.1.1
        with:
          args: "--dangerfile tools/danger/dangerfile-lint.js"
        env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}

  # Gradle dependency analysis using https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
  dependency-analysis:
    name: Dependency analysis
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('dep-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('dep-develop-{0}', github.sha) || format('dep-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v3
      - name: Dependency analysis
        run: ./gradlew dependencyCheckAnalyze $CI_GRADLE_ARG_PROPERTIES
      - name: Upload dependency analysis
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: dependency-analysis
          path: build/reports/dependency-check-report.html

  # Lint for Gplay and Fdroid release APK
  apk-lint:
    name: Lint APK (${{ matrix.target }})
    runs-on: ubuntu-latest
    if: github.ref != 'refs/heads/main'
    strategy:
      fail-fast: false
      matrix:
        target: [ Gplay, Fdroid ]
    # Allow all jobs on develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/develop' && format('apk-lint-develop-{0}-{1}', matrix.target, github.sha) || format('apk-lint-{0}-{1}', matrix.target, github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v3
      - uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Lint ${{ matrix.target }} release
        run: ./gradlew clean lint${{ matrix.target }}Release --stacktrace $CI_GRADLE_ARG_PROPERTIES
      - name: Upload ${{ matrix.target }} linting report
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: release-lint-report-${{ matrix.target }}
          path: |
            vector/build/reports/*.*
      - name: Prepare Danger
        if: always()
        run: |
          npm install --save-dev @babel/core
          npm install --save-dev @babel/plugin-transform-flow-strip-types
          yarn add danger-plugin-lint-report --dev
      - name: Danger lint
        if: always()
        uses: danger/danger-js@11.1.1
        with:
          args: "--dangerfile tools/danger/dangerfile-lint.js"
        env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}

  detekt:
    name: Detekt Analysis
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('detekt-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('detekt-develop-{0}', github.sha) || format('detekt-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v3
      - name: Run detekt
        run: |
          ./gradlew detekt $CI_GRADLE_ARG_PROPERTIES
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: detekt-report
          path: |
            */build/reports/detekt/detekt.html
      - name: Prepare Danger
        if: always()
        run: |
          npm install --save-dev @babel/core
          npm install --save-dev @babel/plugin-transform-flow-strip-types
          yarn add danger-plugin-lint-report --dev
      - name: Danger lint
        if: always()
        uses: danger/danger-js@11.1.1
        with:
          args: "--dangerfile tools/danger/dangerfile-lint.js"
        env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}