.github/workflows/ci.yml

name: CI
on:
  pull_request:
    types: [opened, reopened, synchronize]
  push:
    branches:
      - main

env:
  CODECOV_UNIQUE_NAME: CODECOV_UNIQUE_NAME-${{ github.run_id }}-${{ github.run_number }}

jobs:
  code-quality-checks:
    name: Code Quality Checks
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Corepack enable 
        run: corepack enable
        
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'yarn'

      - name: Install dependencies
        run: yarn install --immutable

      - name: Linting and Formatting checks
        run: yarn run lint

      - name: Type checking
        run: yarn run typecheck

  testing-and-coverage:
    name: Testing and Coverage
    needs: [code-quality-checks]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          submodules: recursive

      - name: Corepack enable
        run: corepack enable

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'yarn'

      - name: Install dependencies
        run: yarn install --immutable

      - name: Run development server
        run: yarn run dev &

      - name: Run tests and generate coverage report
        run: yarn run test:coverage:all

      - name: Upload coverage report to Codecov
        uses: codecov/codecov-action@v4.6.0
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          name: ${{ env.CODECOV_UNIQUE_NAME }}
          verbose: true
          fail_ci_if_error: true
          
  check-unauthorized-file-changes:
    name: Check Unauthorized File Changes
    if: ${{github.actor != 'dependabot[bot]'}} && ${{github.event_name == 'pull_request'}}
    runs-on: ubuntu-latest
    steps: 
      - name: Checkout code
        uses: actions/checkout@v4
      
      - name: Get Changed Unauthorized files
        id: changed-unauth-files
        uses: tj-actions/changed-files@v45
        with:
          files: |
            .github/**
            .husky/**
            .env.example
            package.json
            tsconfig.json
            next.config.js
            next-sitemap.config.js
            next-env.d.ts
            tailwind.config.js
            postcss.config.js
            yarn.lock
            Dockerfile
            CODEOWNERS
            LICENSE
            .gitignore
            .gitmodules
            .gitattributes
            .eslintrc.js
            .eslintignore
            .zshrc
            .prettierrc
            .prettierignore
            .dockerignore
            makefile
            
      - name: List all changed unauthorized files
        if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true'
        env: 
          CHANGED_UNAUTH_FILES: ${{ steps.changed-unauth-files.outputs.all_changed_files }}
        run: |
          for file in ${CHANGED_UNAUTH_FILES}; do
            echo "$file is unauthorized to change/delete"
          done
          exit 1