.github/workflows/pr.yaml

name: "PR Checks"

on:
  pull_request:
    types: [opened, synchronize, edited, closed, reopened]

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  validate-title:
    name: Validate PR Title
    runs-on: ubuntu-latest
    steps:
      - uses: amannn/action-semantic-pull-request@v4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  check-packages-changed:
    name: Assign project changed
    runs-on: ubuntu-latest
    outputs:
      changed: ${{ steps.packages-changed.outputs.any_changed }}
    steps:
      - uses: actions/checkout@v3
      - name: Check external packages changes
        id: packages-changed
        uses: tj-actions/changed-files@v22.2
        with:
          files: |
            **/packages/app/**  
            **/packages/types/**
            **/packages/react/**

  validate-changeset:
    name: Validate PR Changeset
    needs: check-packages-changed
    if: ${{ github.head_ref != 'changeset-release/master' && needs.check-packages-changed.outputs.changed == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: CI Setup
        uses: FuelLabs/github-actions/setups/node@58bcd91d7246e40938e1971be0b0fe35b253dff0
        with:
          node-version: 20.11.0
          pnpm-version: 9.5.0

      - name: Validate Changeset
        run: pnpm changeset status --since=origin/${{ github.base_ref }}

  audit:
    name: Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: FuelLabs/github-actions/setups/node@master
        with:
          node-version: 20.11.0
          pnpm-version: 9.5.0
      - name: Install jq
        run: sudo apt-get install jq
      - run: |
          pnpm audit --prod --json | jq '
            .advisories | to_entries | 
            map(select(.value.patched_versions != "<0.0.0" and .value.severity == "critical") | {package: .value.module_name, vulnerable: .value.vulnerable_versions, fixed_in: .value.patched_versions}) 
          ' > audit_fix_packages.json
          if [ "$(jq 'length' audit_fix_packages.json)" -gt "0" ]; then
            echo "Actionable vulnerabilities found in the following packages:"
            jq -r '.[] | "\u001b[1m\(.package)\u001b[0m vulnerable in \u001b[31m\(.vulnerable)\u001b[0m fixed in \u001b[32m\(.fixed_in)\u001b[0m"' audit_fix_packages.json | while read -r line; do echo -e "$line"; done
            echo "Please run \`pnpm --prod --fix\`"
            exit 1
          else
            echo "No actionable vulnerabilities"
            exit 0
          fi
  
  strict-audit:
    name: Strict Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: FuelLabs/github-actions/setups/node@master
        with:
          node-version: 20.11.0
          pnpm-version: 9.5.0
      - run: pnpm audit --prod

  lint:
    name: Lint
    runs-on: ubuntu-latest
    permissions:
      checks: write
      pull-requests: write
      contents: write
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Node
        uses: FuelLabs/github-actions/setups/node@master
        with:
          node-version: 20.11.0
          pnpm-version: 9.5.0

      - name: Run lint
        run: |
          pnpm ts:check
          pnpm lint:ci
          
  docs:
    name: Docs
    uses: FuelLabs/github-actions/.github/workflows/next-docs.yml@master
    with:
      doc-folder-path: 'packages/docs/docs'
      src-folder-path: 'packages/docs/src'
      spellcheck-config-path: 'packages/docs/.spellcheck.yml'