#
# Copyright Red Hat
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Validate PRs

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  
  build:
    name: Build
    runs-on: ubuntu-latest
    
    permissions:
      security-events: write

    steps:

    - name: Check out code into the Go module directory
      uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

    - name: Setup Go environment
      uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
      with:
        go-version-file: 'go.mod'
      id: go

    - name: Check go mod status
      run: |
        make gomod_tidy
        if [[ ! -z $(git status -s) ]]
        then
          echo "Go mod state is not clean"
          git diff "$GITHUB_SHA"
          exit 1
        fi
    - name: Build Binary
      run: make bin
    
    - name: Check format
      run: |
        make gofmt
        if [[ ! -z $(git status -s) ]]
        then
          echo "not well formatted sources are found : $(git status -s)"
          exit 1
        fi

    - name: Check license
      run: |
        go install github.com/google/addlicense@latest
        git reset HEAD --hard
        make check_license          
        if [[ $? != 0 ]]
        then
          echo "not well formatted sources are found:"
          git --no-pager diff
          exit 1
        fi      

    - name: Run Go Tests
      run: make test

    - name: Run Gosec Security Scanner
      run: |
        go install github.com/securego/gosec/v2/cmd/gosec@v2.14.0
        make gosec
        if [[ $? != 0 ]]
        then
          echo "gosec scanner failed to run "
          exit 1
        fi   

    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v2
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: gosec.sarif

    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4