.github/workflows/ci.yaml

name: CI

on:
  pull_request:
  push:
    branches:
      - main

jobs:
  docs:
    runs-on: ubuntu-22.04
    steps:
      - name: Project Checkout
        uses: actions/checkout@v4.1.7

      - name: Check typos on source files
        uses: dotanuki-labs/github-actions/quality/typos@main

      - name: Lint Markdown files
        uses: dotanuki-labs/github-actions/quality/markdown@main

      - name: Check MIT license on source files
        uses: dotanuki-labs/github-actions/foss/check-licenses@main
        with:
          file-patterns: "*.sh,*.bats,*.kt,*.kts"
          license: "mit"

  build:
    runs-on: ubuntu-22.04
    needs: docs
    strategy:
      matrix:
        jdk: [ '11', '17', '21' ]

    steps:
      - name: Project Checkout
        uses: actions/checkout@v4.1.7

      - name: Lint Bash files
        uses: dotanuki-labs/github-actions/quality/bash@main

      - name: Setup JDK
        uses: actions/setup-java@v4.4.0
        with:
          distribution: 'zulu'
          java-version: ${{ matrix.jdk }}

      - name: Setup Gradle build
        uses: gradle/actions/setup-gradle@v4.1.0
        with:
          gradle-home-cache-strict-match: false
          gradle-home-cache-cleanup: true

      - name: Setup Dependency Submission
        uses: gradle/actions/dependency-submission@v4.1.0

      - name: Run Gradle build
        id: build
        run: ./gradlew build assembleExecutable --scan

      - name: Run acceptance tests
        run: |
          sudo apt-get update >/dev/null
          sudo apt-get install -y bats >/dev/null
          bats src/test/bash/acceptance.bats

      - name: Archive executable
        uses: actions/upload-artifact@v4.4.0
        with:
          name: aaw-executable-jdk-${{ matrix.jdk }}
          path: build/bin

  e2e:
    runs-on: ubuntu-22.04
    needs: build
    steps:
      - name: Project Checkout
        uses: actions/checkout@v4.1.7

      - name: Setup JDK
        uses: actions/setup-java@v4.4.0
        with:
          distribution: 'zulu'
          java-version: '11'

      - name: Fetch executable from previous build
        uses: actions/download-artifact@v4.1.8

      - name: Add binary to the CLI path
        run: |
          chmod +x aaw-executable-jdk-11/aaw
          echo "$GITHUB_WORKSPACE/aaw-executable-jdk-11" >> "$GITHUB_PATH"

      - name: Run E2E tests
        run: |
          sudo apt-get update >/dev/null
          sudo apt-get install -y bats >/dev/null
          bats src/test/bash/e2e.bats

  secops:
    if: github.ref == 'refs/heads/main'
    permissions:
      security-events: read

    runs-on: ubuntu-22.04
    needs: build
    steps:
      - name: Project Checkout
        uses: actions/checkout@v4.1.7

      - name: Evaluate CVEs for the current Git sha
        run: ./scripts/secops.sh ${{ secrets.GITHUB_TOKEN }} ${{ github.sha }}

      - name: Archive SBOM
        uses: actions/upload-artifact@v4.4.0
        with:
          name: sbom
          path: aaw-sbom-${{ github.sha }}.json