name: CI
on:
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize

permissions:
  contents: read

jobs:
  dependency-review:
    name: Dependency Review
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Dependency review
        uses: actions/dependency-review-action@v4

  license-check:
    name: Check Licenses
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*
      - name: Install dependencies
        run: npm ci
      - name: Check Licenses
        run: npx license-checker --production --summary --onlyAllow="0BSD;Apache-2.0;Apache 2.0;Python-2.0;BSD-2-Clause;BSD-3-Clause;ISC;MIT"

  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      actions: read
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
          queries: security-and-quality

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:javascript-typescript"

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: lts/*
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Lint
        run: npm run lint

  test-unit:
    name: Test on Node ${{ matrix.node-version }} and ${{ matrix.os }}
    strategy:
      matrix:
        node-version:
          - 18
          - 20
          - 22
        os:
          - ubuntu-latest
          - macos-latest
          - windows-latest
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node-version }}
          cache: npm
      - name: Install dependencies
        run: npm ci
      - name: Test
        run: npm run test

  test:
    runs-on: ubuntu-latest
    needs:
      - test-unit
    steps:
      - run: exit 1
        if: ${{ needs.test-unit.result != 'success' }}
      - run: exit 0
        if: ${{ needs.test-unit.result == 'success' }}
    if: ${{ always() }}