# This action pushes the output of clang-tidy to Codacy
# See https://github.com/codacy/codacy-clang-tidy

name: clang-tidy-review
on:
  # We need to run on pull_request_target to gain access to secrets (for the
  # Codacy token).
  pull_request_target: {}

concurrency:
  group: ${{ github.repository }}-${{ github.head_ref || github.run_id }}-clang-tidy
  cancel-in-progress: true

jobs:
  run:
    # Unprivileged action that runs clang-tidy and produces report.json in
    # Codacy format.
    name: Run clang-tidy
    permissions: {} # Security: run cmake from a fully unprivileged context
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}

      - name: Install Dependencies
        run: |
          sudo apt-get update
          sudo apt-get install \
            clang \
            cmake \
            ninja-build \
            python3 \
            gettext \
            qtbase5-dev \
            libqt5svg5-dev \
            libkf5archive-dev \
            liblua5.3-dev \
            libsqlite3-dev \
            libsdl2-mixer-dev
          export CC=$(which clang)
          export CXX=$(which clang++)

      - name: Configure
        run: |
          cmake . -B build -G Ninja -DCMAKE_BUILD_TYPE=Debug

      # We need to build to get all the generated files (*.ui, *_gen.h, ...)
      - name: Build
        run: |
          cmake --build build

      - name: Install Codacy Tools
        run: |
          wget -O codacy-clang-tidy https://github.com/codacy/codacy-clang-tidy/releases/download/1.3.3/codacy-clang-tidy-linux-1.3.3
          chmod +x codacy-clang-tidy

      - name: Run clang-tidy
        run: |
          run-clang-tidy -p build | ./codacy-clang-tidy >report.json

      - uses: actions/upload-artifact@v3
        with:
          name: clang-tidy-report
          path: report.json

  upload:
    # Privileged action to upload to Codacy. Do the strict minimum here to
    # minimize exposure.
    name: Upload
    needs: run
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: clang-tidy-report

      - name: Upload Results
        env:
          COMMIT: ${{ github.event.pull_request.head.sha }}
          PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
        run: |
          curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
            -H "Content-type: application/json" -d @- \
            "https://api.codacy.com/2.0/commit/$COMMIT/issuesRemoteResults" \
            <report.json

          curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
            -H "Content-type: application/json" \
            "https://api.codacy.com/2.0/commit/$COMMIT/resultsFinal"