.github/workflows/main.yml

name: CI

on:
  push:
    branches: [master, alpha]
  pull_request:
    types: [assigned, opened, synchronize, reopened]

jobs:
  lint:
    name: Linting
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: lint
        run: yarn lint

  build:
    name: Building
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: build
        run: yarn build

  test:
    name: Testing
    runs-on: ubuntu-latest
    env:
      CI: true
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: test
        run: yarn test:cov

  release:
    name: Building and releasing project
    runs-on: ubuntu-latest
    needs: [lint, build, test]
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
          fetch-depth: 1
      - uses: actions/setup-node@v3
        with:
          node-version: '18.x'
          cache: 'yarn'
      - name: install dependencies
        run: yarn --frozen-lockfile
      - name: Setup SSH signing key
        run: |
          echo "$SSH_KEY_PRIVATE" | tr -d '\r' > /tmp/id_ed25519
          echo $SSH_KEY_PUBLIC > /tmp/id_ed25519.pub
          chmod 600 /tmp/id_ed25519
          eval "$(ssh-agent -s)"
          ssh-add /tmp/id_ed25519
          git config --global gpg.format ssh
          git config --global commit.gpgsign true
          git config --global user.signingkey /tmp/id_ed25519.pub
          mkdir -p ~/.config/git
          echo "${{ vars.RB_EMAIL }} $SSH_KEY_PUBLIC" > ~/.config/git/allowed_signers
          git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers
        shell: bash
        env:
          SSH_KEY_PRIVATE: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KEY_PUBLIC: ${{ vars.SSH_PUBLIC_KEY }}
      - name: release
        env:
          GH_TOKEN: ${{ secrets.GH_RELEASE_BOT_PAT }}
          GIT_AUTHOR_NAME: ${{ vars.RB_NAME }}
          GIT_AUTHOR_EMAIL: ${{ vars.RB_EMAIL }}
          GIT_COMMITTER_NAME: ${{ vars.RB_COMMITTER_NAME }}
          GIT_COMMITTER_EMAIL: ${{ vars.RB_COMMITTER_EMAIL }}
        run: yarn semantic-release
      - name: Clear SSH key
        run: |
          shred /tmp/id_ed25519
# TODO @polymath-eric: add SonarCloud step when the account confusion is sorted