name: Code Quality Checks

on:
  workflow_dispatch:
  pull_request:
  merge_group:
  push:
    branches: [ main, develop ]

# Enrich gradle.properties for CI/CD
env:
  GRADLE_OPTS: -Dorg.gradle.jvmargs="-Xmx6g -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError" -Dkotlin.incremental=false -XX:+UseG1GC
  CI_GRADLE_ARG_PROPERTIES: --stacktrace --no-daemon -Dsonar.gradle.skipCompile=true

jobs:
  checkScript:
    name: Search for forbidden patterns
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run code quality check suite
        run: ./tools/check/check_code_quality.sh

  checkScreesnhot:
    name: Search for invalid screenshot files
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: 3.12
      - name: Search for invalid screenshot files
        run: ./tools/test/checkInvalidScreenshots.py

  checkDependencies:
    name: Search for invalid dependencies
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Set up Python 3.12
        uses: actions/setup-python@v5
        with:
          python-version: 3.12
      - name: Search for invalid dependencies
        run: ./tools/dependencies/checkDependencies.py

  # Code checks
  konsist:
    name: Konsist tests
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('check-konsist-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-konsist-develop-{0}', github.sha) || format('check-konsist-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Run Konsist tests
        run: ./gradlew :tests:konsist:testDebugUnitTest $CI_GRADLE_ARG_PROPERTIES --no-daemon
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: konsist-report
          path: |
            **/build/reports/**/*.*

  lint:
    name: Android lint check
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('check-lint-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-lint-develop-{0}', github.sha) || format('check-lint-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Build Gplay Debug
        run: ./gradlew :app:compileGplayDebugKotlin $CI_GRADLE_ARG_PROPERTIES
      - name: Build Fdroid Debug
        run: ./gradlew :app:compileFdroidDebugKotlin $CI_GRADLE_ARG_PROPERTIES
      - name: Run lint
        run: ./gradlew :app:lintGplayDebug :app:lintFdroidDebug $CI_GRADLE_ARG_PROPERTIES
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: linting-report
          path: |
            **/build/reports/**/*.*

  detekt:
    name: Detekt checks
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('check-detekt-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-detekt-develop-{0}', github.sha) || format('check-detekt-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Run Detekt
        run: ./gradlew detekt $CI_GRADLE_ARG_PROPERTIES --no-daemon
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: detekt-report
          path: |
            **/build/reports/**/*.*

  ktlint:
    name: Ktlint checks
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('check-ktlint-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-ktlint-develop-{0}', github.sha) || format('check-ktlint-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Run Ktlint check
        run: ./gradlew ktlintCheck $CI_GRADLE_ARG_PROPERTIES
      - name: Upload reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: ktlint-report
          path: |
            **/build/reports/**/*.*

  knit:
    name: Knit checks
    runs-on: ubuntu-latest
    # Allow all jobs on main and develop. Just one per PR.
    concurrency:
      group: ${{ github.ref == 'refs/heads/main' && format('check-knit-main-{0}', github.sha) || github.ref == 'refs/heads/develop' && format('check-knit-develop-{0}', github.sha) || format('check-knit-{0}', github.ref) }}
      cancel-in-progress: true
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Use JDK 17
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin' # See 'Supported distributions' for available options
          java-version: '17'
      - name: Configure gradle
        uses: gradle/actions/setup-gradle@v3
        with:
          cache-read-only: ${{ github.ref != 'refs/heads/develop' }}
      - name: Run Knit
        run: ./gradlew knitCheck $CI_GRADLE_ARG_PROPERTIES

  # Note: to auto fix issues you can use the following command:
  # shellcheck -f diff <files> | git apply
  shellcheck:
    name: Check shell scripts
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run shellcheck
        uses: ludeeus/action-shellcheck@2.0.0
        with:
          scandir: ./tools
          severity: warning

  upload_reports:
    name: Project Check Suite
    runs-on: ubuntu-latest
    needs: [konsist, lint, ktlint, detekt]
    steps:
      - uses: actions/checkout@v4
        with:
          # Ensure we are building the branch and not the branch after being merged on develop
          # https://github.com/actions/checkout/issues/881
          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.ref }}
      - name: Download reports from previous jobs
        uses: actions/download-artifact@v4
      - name: Prepare Danger
        if: always()
        run: |
          npm install --save-dev @babel/core
          npm install --save-dev @babel/plugin-transform-flow-strip-types
          yarn add danger-plugin-lint-report --dev
      - name: Danger lint
        if: always()
        uses: danger/danger-js@12.3.3
        with:
          args: "--dangerfile ./tools/danger/dangerfile-lint.js"
        env:
          DANGER_GITHUB_API_TOKEN: ${{ secrets.DANGER_GITHUB_API_TOKEN }}
          # Fallback for forks
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}