jj-cz/.github/workflows/action.yml

name: Run checks and build archives

on:
  push:
    branches:
      - main
      - develop
    tags:
      - "v*.*.*"
  pull_request:
    types: [opened, synchronize, reopened]

jobs:
  coverage-and-sonar:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - name: Set up cachix
        uses: cachix/cachix-action@v17
        with:
          name: phundrak
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - name: Format Check
        shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}"
        run: just format-check

      - name: Audit
        shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}"
        run: just audit

      - name: Coverage
        shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}"
        run: just coverage-ci

      - name: Lint
        shell: bash -c "nix develop --no-pure-eval --accept-flake-config --command {0}"
        run: just lint-report

      - name: Sonar analysis
        uses: SonarSource/sonarqube-scan-action@v6
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

  build:
    needs: coverage-and-sonar
    strategy:
      matrix:
        target: ["linux-x86_64", "linux-aarch64", "windows-x86_64"]

    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Nix
        uses: cachix/install-nix-action@v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - name: Set up cachix
        uses: cachix/cachix-action@v17
        with:
          name: phundrak
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"

      - name: Build jj-cz archive
        run: nix build .#${{matrix.target}}-archive

      - name: Upload artifact
        uses: actions/upload-artifact@v3
        with:
          name: jj-cz-${{matrix.target}}
          path: result/dist/*