name: Build

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: "fs"
          ignore-unfixed: true
          format: "sarif"
          output: "trivy-results.sarif"
          severity: "CRITICAL"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.18
      - name: golangci-lint
        uses: golangci/golangci-lint-action@v3
      - name: Series of tests
        run: |
          GO_FILES=$(find . -iname '*.go' -type f) # All the .go files, excluding vendor/
          test -z $(gofmt -s -l $GO_FILES) # Fail if a .go file hasn't been formatted with gofmt
          go test -v -race ./... # Run all the tests with the race detector enabled
          go vet ./... # go vet is the official Go static analyzer
          go install github.com/fzipp/gocyclo/cmd/gocyclo@latest
          /home/runner/go/bin/gocyclo -over 19 cmd pkg # forbid code with huge/complex functions
          go build main.go
      - name: Dry Run GoReleaser
        uses: goreleaser/goreleaser-action@v2
        with:
          version: latest
          args: release --snapshot --rm-dist