name: CI Checks

on:
  push:
    branches: ["**"]
  pull_request:
    branches: ["**"]
  workflow_dispatch:

jobs:
  unittest:
    runs-on: ubuntu-latest
    steps:
      - name: Clone This Repo
        uses: actions/checkout@v3
      - name: Build
        run: |
          sudo apt-get install -y lcov

          # Build the coverity analysis project as well to check compiler warning.
          # Coverity analysis project builds coreHTTP source file only. llhttp source
          # files are not built in this target.
          cmake -S test -B build/ \
          -G "Unix Makefiles" \
          -DCMAKE_BUILD_TYPE=Debug \
          -DUNITTEST=1 \
          -DCOV_ANALYSIS=1 \
          -DCMAKE_C_FLAGS='--coverage -Wall -Wextra -DNDEBUG'
          make -C build/ all

      - name: Run CTests
        run: ctest --test-dir build -E system --output-on-failure

      - name: Run Coverage
        run: |
          make -C build/ coverage
          declare -a EXCLUDE=("\*test\*" "\*CMakeCCompilerId\*" "\*mocks\*" "\*3rdparty\*")
          echo ${EXCLUDE[@]} | xargs lcov --rc lcov_branch_coverage=1 -r build/coverage.info -o build/coverage.info
          lcov --rc lcov_branch_coverage=1 --list build/coverage.info
      - name: Check Coverage
        uses: FreeRTOS/CI-CD-Github-Actions/coverage-cop@main
        with:
          coverage-file: ./build/coverage.info
          branch-coverage-min: 100
          line-coverage-min: 100

  complexity:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check complexity
        uses: FreeRTOS/CI-CD-Github-Actions/complexity@main
        with:
          path: ./

  doxygen:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run doxygen build
        uses: FreeRTOS/CI-CD-Github-Actions/doxygen@main
        with:
          path: ./

  spell-check:
    runs-on: ubuntu-latest
    steps:
      - name: Clone This Repo
        uses: actions/checkout@v3
      - name: Run spellings check
        uses: FreeRTOS/CI-CD-Github-Actions/spellings@main
        with:
          path: ./

  formatting:
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v3
      - name: Check formatting
        uses: FreeRTOS/CI-CD-Github-Actions/formatting@main
        with:
          path: ./

  ssot-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout this repo
        uses: actions/checkout@v3
        with:
          path: current
      - name: Checkout coreMQTT
        uses: actions/checkout@v3
        with:
          ref: main
          repository: FreeRTOS/coreMQTT
          path: ssot
      - name: Check transport_interface.h
        run: |
          SSOT_FILE="ssot/source/interface/transport_interface.h"
          CURRENT_FILE="current/source/interface/transport_interface.h"
          diff <(tail -n +3 $SSOT_FILE) <(tail -n +3 $CURRENT_FILE)
          if [ "$?" -ne "0" ]; then
            echo "transport_interface.h differs from coreMQTT."
            exit 1
          else
            exit 0
          fi

  git-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Checkout awslabs/git-secrets
        uses: actions/checkout@v3
        with:
          repository: awslabs/git-secrets
          ref: master
          path: git-secrets
      - name: Install git-secrets
        run: cd git-secrets && sudo make install && cd ..
      - name: Run git-secrets
        run: |
          git-secrets --register-aws
          git-secrets --scan

  memory_statistics:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: "recursive"
      - name: Install Python3
        uses: actions/setup-python@v3
        with:
          python-version: "3.11.0"
      - name: Measure sizes
        uses: FreeRTOS/CI-CD-Github-Actions/memory_statistics@main
        with:
          config: .github/memory_statistics_config.json
          check_against: docs/doxygen/include/size_table.md

  link-verifier:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check Links
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        uses: FreeRTOS/CI-CD-Github-Actions/link-verifier@main
        with:
          path: ./

  verify-manifest:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: true
          fetch-depth: 0

      # At time of writing the gitmodules are set not to pull
      # Even when using fetch submodules. Need to run this command
      # To force it to grab them.
      - name: Perform Recursive Clone
        shell: bash
        run: git submodule update --checkout --init --recursive

      - name: Run manifest verifier
        uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main
        with:
          path: ./
          fail-on-incorrect-version: true

  proof_ci:
    if: ${{ github.event.pull_request }}
    runs-on: cbmc_ubuntu-latest_64-core
    steps:
      - name: Set up CBMC runner
        uses: FreeRTOS/CI-CD-Github-Actions/set_up_cbmc_runner@main
        with:
          kissat_tag: latest
          cbmc_version: "6.3.1"
      - run: |
          git submodule update --init --recursive --checkout
          sudo apt-get update
          sudo apt-get install --yes --no-install-recommends gcc-multilib build-essential
      - name: Run CBMC
        uses: FreeRTOS/CI-CD-Github-Actions/run_cbmc@main
        with:
          proofs_dir: test/cbmc/proofs