---
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: MegaLinter

on:
  push:
    branches:
      - main
      - master
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/*.md'
      - 'LICENSE'
  pull_request:
    branches:
      - main
      - master
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.github/*.md'
      - 'LICENSE'
  merge_group:

env:
  # MegaLinter configuration - these override the action's defaults
  DISABLE_LINTERS: REPOSITORY_DEVSKIM
  VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}

  # Report configuration
  REPORT_OUTPUT_FOLDER: megalinter-reports
  ENABLE_SUMMARY_REPORTER: true
  ENABLE_SARIF_REPORTER: true

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

permissions:
  contents: read
  packages: read # Required for private dependencies

jobs:
  megalinter:
    name: MegaLinter
    runs-on: ubuntu-latest
    timeout-minutes: 30

    permissions:
      actions: write
      checks: write # Create and update check runs
      contents: write
      issues: write
      packages: read # Access private packages
      pull-requests: write
      security-events: write
      statuses: write

    steps:
      - name: Checkout Code
        uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
        with:
          token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
          fetch-depth: 0

      - name: Run MegaLinter
        id: pr-lint
        uses: ./pr-lint
        with:
          token: ${{ secrets.FIXIMUS_TOKEN || secrets.GITHUB_TOKEN }}
          username: fiximus
          email: github-bot@ivuorinen.net

      - name: Upload SARIF Report
        if: always() && hashFiles('megalinter-reports/sarif/*.sarif')
        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
        with:
          sarif_file: megalinter-reports/sarif
          category: megalinter

      - name: Check Results
        if: always()
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
        with:
          script: |
            const status = '${{ steps.pr-lint.outputs.validation_status }}';
            const conclusion = status === 'success' ? 'success' : 'failure';

            const summary = `## MegaLinter Results

            ${status === 'success' ? '✅ All checks passed' : '❌ Issues found'}

            [View detailed report](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID})
            `;

            await core.summary
              .addRaw(summary)
              .write();

            if (status !== 'success') {
              core.setFailed('MegaLinter found issues');
            }

      - name: Cleanup
        if: always()
        shell: sh
        run: |-
          # Remove temporary files but keep reports
          find . -type f -name "megalinter.*" ! -name "megalinter-reports" -delete || true
          find . -type d -name ".megalinter" -exec rm -rf {} + || true