name: CI

on:
  push:
    branches:
    - master
  pull_request:
    branches:
    - master
  schedule:
    - cron: '0 2 * * 1' # At 02:00 on Monday

permissions: {}

jobs:
  test:
    name: Test
    runs-on: ${{ matrix.os }}
    timeout-minutes: 15
    strategy:
      matrix:
        os: [ubuntu-latest]
        node-version: [10, 12, 14, 16, 17]
        include:
          - os: macos-latest
            node_version: 16
          - os: windows-latest
            node_version: 16
      fail-fast: false
    steps:
      - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: ${{ matrix.node-version }}
      - name: Bootstrap project
        run: npm ci --ignore-scripts
      - name: Run tests
        run: npm run-script test:ci
      - name: Publish coverage report to Coveralls
        uses: coverallsapp/github-action@045a25193560dc194e405657f552faeb6b9433aa # v2.1.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          flag-name: run-${{ matrix.os }}-node@${{ matrix.node-version }}
          parallel: true

  posttest:
    name: Post-Test
    needs: test
    runs-on: ubuntu-latest
    steps:
    - name: Coveralls finished
      uses: coverallsapp/github-action@045a25193560dc194e405657f552faeb6b9433aa # v2.1.0
      with:
        github-token: ${{ secrets.github_token }}
        parallel-finished: true

  code-lint:
    name: Code Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
      - name: Use Node.js 16
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: 16
      - name: Bootstrap project
        run: npm ci --ignore-scripts
      - name: Verify code linting
        run: npm run lint

  commit-lint:
    name: Commit Lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
        with:
          fetch-depth: 0
      - name: Use Node.js 16
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
        with:
          node-version: 16
      - name: Bootstrap project
        run: npm ci --ignore-scripts
      - name: Verify commit linting
        run: |
          npx \
            --no-install \
            --package=@commitlint/cli \
            -- \
            commitlint \
              --from=origin/master \
              --to=HEAD \
              --verbose

  codeql:
    name: CodeQL
    runs-on: ubuntu-latest
    permissions:
      # See: https://github.com/github/codeql-action/blob/008b2cc71c4cf3401f45919d8eede44a65b4a322/README.md#usage
      security-events: write
    steps:
    - name: Checkout repository
      uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
    - name: Initialize CodeQL
      uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
      with:
        languages: 'javascript'
        config-file: ./.github/codeql/codeql-config.yaml

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11