.github/workflows/ci.yml

name: CI

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v[0-9]+.[0-9]+.*'
  pull_request:
    branches:
      - 'main'
    types: [opened, synchronize, reopened]
    paths-ignore:
    - '**.md'
    - 'docs/**'

env:
  DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }}

jobs:
  # Run code linting on main and all PRs (including drafts)
  lint-code:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 16
          cache: 'npm'
      -
        name: NPM install
        run: npm ci
      -
        name: Run eslint
        run: npm run lint

  # Run unit tests on main (for coverage reports), and all pull requests
  test-unit:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 16
          cache: 'npm'
      -
        name: NPM install
        run: npm ci
      -
        name: Run unit tests with coverage reporting
        run: npm run test:coverage:ci
      -
        name: Archive code coverage
        run: |
          tar -cf coverage.tar coverage
      -
        name: Upload code coverage
        uses: actions/upload-artifact@v3
        with:
          name: coverage
          path: coverage.tar

  sonarcloud:
    runs-on: ubuntu-latest
    needs: [test-unit]
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
        with:
          # For SonarCloud to blame culprits
          fetch-depth: 0
      -
        name: Download code coverage
        uses: actions/download-artifact@v3
        with:
          name: coverage
          path: .
      -
        name: Unarchive code coverage
        run: tar -xf coverage.tar && rm coverage.tar && ls -l coverage/lcov.info
      -
        name: SonarCloud Scan
        uses: sonarsource/sonarcloud-github-action@v2.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  docker-build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Docker metadata
        id: metadata
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.DOCKER_REPOSITORY }}
          tags: |
            type=ref,event=pr
            type=ref,event=branch
            type=ref,event=tag
            type=semver,pattern={{version}}
      -
        if: github.actor != 'dependabot[bot]'
        name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v3
        with:
          pull: true
          push: ${{ github.actor != 'dependabot[bot]' }}
          cache-from: type=gha,scope=${{ github.ref_name }}
          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}