# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: "Build, lint, and test"

on:
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    branches:
      - main

permissions:
  contents: read

jobs:
  changes:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read # needed for `dorny/paths-filter`
    outputs:
      packages: ${{ steps.filter.outputs.changes }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
        id: filter
        with:
          filters: |
            hooks/openfeature-hooks-opentelemetry:
              - 'hooks/openfeature-hooks-opentelemetry/**'
            providers/openfeature-provider-env-var:
              - 'providers/openfeature-provider-env-var/**'
            providers/openfeature-provider-flagd:
              - 'providers/openfeature-provider-flagd/**'
            providers/openfeature-provider-flipt:
              - 'providers/openfeature-provider-flipt/**'
            providers/openfeature-provider-ofrep:
              - 'providers/openfeature-provider-ofrep/**'

  build:
    needs: changes
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
        package: ${{ fromJSON(needs.changes.outputs.packages) }}
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          submodules: recursive

      - name: Install uv and set the python version ${{ matrix.python-version }}
        uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install dependencies
        working-directory: ${{ matrix.package }}
        run: uv sync --frozen

      - name: Building first to generate files
        working-directory: ${{ matrix.package }}
        run: uv build

      - name: Type checking
        if: matrix.python-version == '3.13'
        working-directory: ${{ matrix.package }}
        run: uv run mypy-check --frozen

      - name: Test with pytest
        working-directory: ${{ matrix.package }}
        run: uv run cov --frozen

      - if: matrix.python-version == '3.13'
        name: Upload coverage to Codecov
        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
        with:
          name: Code Coverage for ${{ matrix.package }} on Python ${{ matrix.python-version }}
          directory: ${{ matrix.package }}
          fail_ci_if_error: true # optional (default = false)
          verbose: true # optional (default = false)
          token: ${{ secrets.CODECOV_UPLOAD_TOKEN }}

  lint:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      - name: Install uv and set the python version
        uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6
        with:
          python-version: "3.13"
          enable-cache: false # caching is done automatically in `pre-commit/action`

      - name: Run pre-commit
        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1

  sast:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3
        with:
          languages: python
          config-file: ./.github/codeql-config.yml

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3