.github/workflows/lint.yaml

---
name: "Lint"
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - "!dependabot/*"
      - "main"
  pull_request:
    branches: ["*"]
  merge_group:
    types:
      - "checks_requested"
env:
  GO_VERSION: "~1.20"
jobs:
  go-lint:
    name: "Lint Go"
    runs-on: "ubuntu-latest"
    steps:
      - uses: "actions/checkout@v4"
      - uses: "authzed/actions/setup-go@main"
        with:
          go-version: "${{ env.GO_VERSION }}"
      - name: "Go Format"
        # using this instead of the authzed/actions version because `.`
        # properly ignores counterfeiter codegen
        working-directory: "magefiles"
        run: "go run mvdan.cc/gofumpt -w ."
      - name: "Codegen"
        uses: "magefile/mage-action@v3"
        with:
          version: "latest"
          args: "generate"
      - name: "Verify Gofumpt"
        uses: "chainguard-dev/actions/nodiff@main"
        with:
          fixup-command: "gofumpt"
      - uses: "authzed/actions/go-mod-tidy@main"
      - uses: "authzed/actions/go-mod-tidy@main"
        with:
          working_directory: "./tools"
      - uses: "authzed/actions/go-mod-tidy@main"
        with:
          working_directory: "./magefiles"
      - uses: "authzed/actions/go-mod-tidy@main"
        with:
          working_directory: "./e2e"
      - uses: "authzed/actions/go-generate@main"
      - uses: "authzed/actions/golangci-lint@main"

  extra-lint:
    name: "Lint YAML & Markdown"
    runs-on: "ubuntu-latest"
    steps:
      - uses: "actions/checkout@v4"
      - uses: "authzed/actions/yaml-lint@main"
      - uses: "stefanprodan/kube-tools@v1"
        with:
          command: "kustomize build ./config"
      # Disabled due to issues with Kustomize, see:
      # - https://github.com/instrumenta/kubeval-action/pull/3
      # - https://github.com/instrumenta/kubeval/issues/232
      # - uses: "instrumenta/kubeval-action@5915e4adba5adccac07cb156b82e54c3fed74921"
      #   with:
      #     files: "config"
      - uses: "authzed/actions/markdown-lint@main"

  codeql:
    name: "Analyze with CodeQL"
    runs-on: "ubuntu-latest"
    permissions:
      actions: "read"
      contents: "read"
      security-events: "write"
    strategy:
      fail-fast: false
      matrix:
        language: ["go"]
    steps:
      - uses: "actions/checkout@v4"
      - uses: "authzed/actions/codeql@main"