.github/workflows/static-analysis.yml

name: Static Analysis

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main

env:
  GRADLE_OPTS: -Dorg.gradle.daemon=false

jobs:
  commit-lint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 0
      - name: Check Commit Messages
        uses: wagoid/commitlint-github-action@3d28780bbf0365e29b144e272b2121204d5be5f3 # v6
        with:
          configFile: .commitlintrc.yml
  code-base-checks:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
    - name: Check copyrights, license headers, and .gitattributes
      run: ./gradlew checkCopyrightsInNoticeFile checkLicenseHeaders checkGitAttributes
  completions:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
    - name: Setup Java
      uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4
      with:
        distribution: temurin
        java-version: 21
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
    - name: Generate completions
      run: |
        ./scripts/generate_completion_scripts.sh
    - name: Check if completions are up-to-date
      run: |
        if git diff --exit-code; then
          echo "Completions are up-to-date."
        else
          echo "Completions are not up-to-date."
          echo "Please always run the script below when changing CLI commands:"
          echo "./scripts/generate_completion_scripts.sh"
          exit 1
        fi
  detekt-issues:
    runs-on: ubuntu-24.04
    permissions:
      # Needed for SARIF scanning upload.
      security-events: write
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@d156388eb19639ec20ade50009f3d199ce1e2808 # v4
    - name: Check for Detekt Issues
      run: ./gradlew detektAll
    - name: Upload SARIF File
      uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3
      if: always() # Upload even if the previous step failed.
      with:
        sarif_file: build/reports/detekt/merged.sarif
  markdown-links:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
    - name: Check Links
      uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1
      with:
        base-branch: main
        check-modified-files-only: yes
        max-depth: 2
        use-quiet-mode: yes
  markdownlint:
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          fetch-depth: 0
      - name: Setup Node
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
      - name: Check for Markdown issues
        run: |
          npm install -g markdownlint-rule-max-one-sentence-per-line@0.0.2
          npx markdownlint-cli2
  qodana-scan:
    if: ${{ github.event_name == 'pull_request' }}
    runs-on: ubuntu-24.04
    permissions:
      # Needed for SARIF scanning upload.
      security-events: write
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      with:
        fetch-depth: 0
    - name: Qodana Scan
      uses: JetBrains/qodana-action@31d6f3309b31c566758e1314a3d9ef0dff75ecbd # v2024.2.6
      with:
        post-pr-comment: false
        use-caches: false
    - name: Upload Code Scanning Results
      uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3
      with:
        sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
  reuse-tool:
    runs-on: ubuntu-24.04
    steps:
    - name: Checkout Repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
    - name: Check REUSE Compliance
      run: |
        pipx install reuse
        reuse lint