# Runs on pushes to, and pull requests targeting, the three long-lived
# branches listed below.
name: Pull Requests

on:
  push:
    branches:
      - main
      - develop
      - qa
  # Pull requests opened from forks run without repository secrets, so steps
  # that read `secrets.*` have no token on those runs.
  pull_request:
    branches:
      - main
      - develop
      - qa

jobs:
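  # Lints the project on every OS in the matrix.
  lint:
    name: Lint on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    # Least privilege: the job only reads the repository, so the GITHUB_TOKEN
    # is restricted to read access instead of the repository default.
    permissions:
      contents: read
    strategy:
      matrix:
        # NOTE(review): macos-11 and ubuntu-20.04 have been retired from
        # GitHub-hosted runners; confirm and move to supported labels.
        os: [macos-11, ubuntu-20.04, windows-2022]
    steps:
      - name: Checkout
        # v3 matches the version already used by the quality job.
        uses: actions/checkout@v3
        with:
          # Keep the token out of .git/config: the following steps run npm
          # lifecycle scripts and lint tooling from the checked-out code.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          # Caches npm's download cache, keyed on the lockfile.
          cache: 'npm'
      # No separate node_modules cache: `npm ci` removes node_modules before
      # installing, and a prefix restore-key could bring back a tree that was
      # built from a different package-lock.json.
      - name: Install npm dependencies
        # `npm ci` installs exactly what package-lock.json pins and fails on
        # drift, where `npm install` may re-resolve versions; the other jobs
        # in this file already install this way.
        run: npm ci
      - name: Run lint
        run: npm run lint -- --env-info --no-color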

  # Delegates to the repository-local reusable workflow. No `with:` inputs
  # and no `secrets:` are passed, so the called workflow gets no repository
  # secrets from this caller. What it checks is defined in that file.
  format:
    uses: ./.github/workflows/format-validate.yaml

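  # Scans the locked dependency set with Snyk once format and lint pass.
  dependencies:
    name: Dependencies Check
    needs:
      - format
      - lint
    runs-on: ubuntu-20.04
    # Least privilege: the job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout
        # v3 matches the version already used by the quality job.
        uses: actions/checkout@v3
        with:
          # Keep the token out of .git/config: later steps run third-party
          # tooling and npm lifecycle scripts.
          persist-credentials: false
      - name: Setup Snyk
        # NOTE(review): `@master` is a mutable ref, so this job runs whatever
        # the upstream branch holds at run time. Pin to a full-length commit
        # SHA of a reviewed release.
        uses: snyk/actions/setup@master
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
          # Caches npm's download cache, keyed on the lockfile.
          cache: 'npm'
      # No separate node_modules cache: `npm ci` removes node_modules before
      # installing, so a restored tree was never used.
      - name: Install npm dependencies
        run: npm ci
      - name: Create path report
        run: mkdir -p reports
      - name: Check dependencies
        # The token is scoped to this one step rather than the whole job.
        # It is not provided on pull requests from forks, so this step has
        # no credentials on those runs.
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        # NOTE(review): reports/snyk.json is written but no step in this job
        # uploads it; the file is discarded with the runner.
        run: snyk test --file=package-lock.json --json-file-output=reports/snyk.json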

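  # Static analysis of the repository with Horusec.
  security:
    name: Security
    needs: dependencies
    runs-on: ubuntu-20.04
    # Least privilege: the job only reads the repository.
    permissions:
      contents: read
    steps:
      - name: Checkout
        # v3 matches the version already used by the quality job.
        uses: actions/checkout@v3
        with:
          # Keep the token out of .git/config: the next step executes a
          # script downloaded at run time.
          persist-credentials: false
      - name: Set up Horusec
        # NOTE(review): the installer comes from the upstream `main` branch
        # and installs `latest`, so neither the script nor the binary is
        # pinned. Fetch from a reviewed tag or commit (<PINNED_REF>), request
        # a fixed version, and verify a checksum before running.
        #
        # The script is downloaded to a file outside the workspace and then
        # run, instead of piped into bash: a truncated download is never
        # executed, a failed download fails the step, and the installer is
        # not part of the tree that Horusec scans.
        run: |
          curl --proto '=https' --tlsv1.2 -fsSL \
            -o "${RUNNER_TEMP}/horusec-install.sh" \
            https://raw.githubusercontent.com/ZupIT/horusec/main/deployments/scripts/install.sh
          bash "${RUNNER_TEMP}/horusec-install.sh" latest
      - name: Run analysis
        # --return-error="true" makes findings fail the job.
        run: |
          horusec start --project-path="./" --return-error="true"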

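  # Builds, tests, then runs the SonarQube scan and waits for its quality gate.
  quality:
    name: SonarQube
    needs: security
    runs-on: ubuntu-22.04
    # Least privilege: the job only reads the repository; the SonarQube
    # steps authenticate with SONAR_TOKEN, not the GITHUB_TOKEN.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # Full history: the scan below uses the git SCM provider with
          # forceReloadAll, and a shallow clone limits the blame data.
          fetch-depth: 0
          # Keep the token out of .git/config: later steps run npm scripts
          # and third-party actions.
          persist-credentials: false
      - name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'
      - name: Install dependencies
        working-directory: .
        run: npm ci
      - name: Build
        working-directory: .
        run: npm run build
      - name: Run tests
        run: npm run test
      - name: Run SonarQube scan
        # NOTE(review): `@master` is a mutable ref and this step receives
        # SONAR_TOKEN. Pin to a full-length commit SHA of a reviewed release.
        uses: sonarsource/sonarqube-scan-action@master
        with:
          args: >
            -Dsonar.links.ci=https://github.com/${{ github.repository }}/actions
            -Dsonar.links.issue=https://github.com/${{ github.repository }}/issues
            -Dsonar.links.scm=https://github.com/${{ github.repository }}
            -Dsonar.scm.forceReloadAll=true
            -Dsonar.scm.provider=git
            -Dsonar.sourceEncoding=UTF-8
            -Dsonar.verbose=false
          projectBaseDir: .
        # Secrets are scoped to the steps that need them. They are not
        # provided on pull requests from forks.
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_PIPELINES_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_PIPELINES_TOKEN }}
      - name: SonarQube Quality Gate check
        # NOTE(review): same mutable `@master` ref with access to
        # SONAR_TOKEN; pin to a full-length commit SHA.
        uses: sonarsource/sonarqube-quality-gate-action@master
        # Bounds the wait for the server-side analysis result.
        timeout-minutes: 5
        with:
          scanMetadataReportFile: .scannerwork/report-task.txt
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_PIPELINES_TOKEN }}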
