.github/workflows/check.yml

name: Check
on:
  pull_request: ~
  push:
    branches:
      - main
      - v0

permissions: read-all

jobs:
  audit:
    name: Audit
    uses: ./.github/workflows/reusable-audit.yml
    needs:
      - build
  build:
    name: Build with ${{ matrix.engine }}
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        engine:
          - docker
          - podman
    steps:
      - name: Checkout repository
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          persist-credentials: false
      - name: Build
        env:
          ENGINE: ${{ matrix.engine }}
        run: make build "ENGINE=${ENGINE}"
  check:
    name: ${{ matrix.what }}
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        what:
          - ci
          - formatting
          - image
          - md
          - yml
    steps:
      - name: Checkout repository
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          persist-credentials: false
      - name: Install Node.js
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          cache: npm
          node-version-file: .nvmrc
      - name: Install tooling
        uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0
      - name: Check
        env:
          WHAT: ${{ matrix.what }}
        run: make "check-${WHAT}"
  codeql:
    name: CodeQL (actions)
    runs-on: ubuntu-24.04
    permissions:
      security-events: write # To upload CodeQL results
    steps:
      - name: Checkout repository
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          persist-credentials: false
      - name: Initialize CodeQL
        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
        with:
          config-file: ./.github/codeql.yml
          languages: actions
      - name: Perform CodeQL analysis
        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
  licenses:
    name: Licenses
    runs-on: ubuntu-24.04
    needs:
      - build
    steps:
      - name: Checkout repository
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          persist-credentials: false
      - name: Install Node.js
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          cache: npm
          node-version-file: .nvmrc
      - name: Install tooling
        uses: asdf-vm/actions/install@4f8f7939dd917fc656bb7c3575969a5988c28364 # v3.0.0
      - name: Check container image licenses
        if: ${{ failure() || success() }}
        run: make check-licenses-image
      - name: Check npm licenses
        if: ${{ failure() || success() }}
        run: make check-licenses-npm
  test:
    name: Test with ${{ matrix.engine }}
    runs-on: ubuntu-24.04
    needs:
      - build
    strategy:
      fail-fast: false
      matrix:
        engine:
          - docker
          - podman
    steps:
      - name: Checkout repository
        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
        with:
          persist-credentials: false
          submodules: true
      - name: Install Node.js
        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
        with:
          cache: npm
          node-version-file: .nvmrc
      - name: Test
        env:
          ENGINE: ${{ matrix.engine }}
        run: make test "ENGINE=${ENGINE}"