# Copyright © SixtyFPS GmbH <info@slint.dev>
# SPDX-License-Identifier: GPL-3.0-only OR LicenseRef-Slint-Royalty-free-2.0 OR LicenseRef-Slint-Software-3.0

name: autofix.ci  # needed to securely identify the workflow

on:
  pull_request:
    branches: [master, "feature/*", "pre-release/*"]
  push:
    branches: [master, "feature/*", "pre-release/*"]
  workflow_dispatch:
  merge_group:

permissions:
  contents: read

concurrency:
  group: ci-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
    CARGO_INCREMENTAL: false
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

jobs:
    format_fix:
        runs-on: ubuntu-latest
        timeout-minutes: 5
        steps:
            - uses: actions/checkout@v6
            - uses: jdx/mise-action@v4
              with:
                version: 2025.9.18
                log_level: debug
            - name: Install rust dependencies
              run: rustup toolchain install stable-x86_64-unknown-linux-gnu --profile default
            - name: Run fixes
              run: mise run --force --jobs=1 'ci:autofix:fix'
            - name: Suggest format changes
              uses: autofix-ci/action@7a166d7532b277f34e16238930461bf77f9d7ed8

    lint_typecheck:
        runs-on: ubuntu-latest
        timeout-minutes: 5
        steps:
            - uses: actions/checkout@v6
            - uses: jdx/mise-action@v4
              with:
                version: 2025.9.18
                log_level: debug
            - name: Install rust dependencies
              run: rustup toolchain install stable-x86_64-unknown-linux-gnu --profile default
            - name: Run lints
              run: mise run --force --jobs=1 'ci:autofix:lint'

    ci:
        needs: [format_fix, lint_typecheck]
        permissions:
            contents: read
            deployments: write
            pull-requests: read
        uses: ./.github/workflows/ci.yaml
        secrets:
            ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
            ANDROID_KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
            CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
            CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
            CLOUDFLARE_API_TOKEN_2: ${{ secrets.CLOUDFLARE_API_TOKEN_2 }}
            CLOUDFLARE_ACCOUNT_ID_2: ${{ secrets.CLOUDFLARE_ACCOUNT_ID_2 }}
            READ_WRITE_PRIVATE_KEY: ${{ secrets.READ_WRITE_PRIVATE_KEY }}

    done:
        # Note: We use `needs` + `if: always()` here to ensure the "done"
        # task is never just "skipped", which would count as success().
        # Instead, make the task fail depending on whether there is any failure
        # in the ci workflow.
        needs: [ci, format_fix, lint_typecheck]
        if: ${{ always() }}
        name: done
        runs-on: ubuntu-latest
        steps:
            - if: ${{ contains(needs.*.result, 'failure') }}
              run: echo "A required check failed! 🌋" && false
            - if: ${{ !contains(needs.*.result, 'failure') }}
              run: echo "All checks passed. 🎉"