.github/workflows/pr_check.yml

name: PR Check
on: [pull_request] # Triggers on any branch
env:
  BASE_SHA: ${{ github.event.pull_request.base.sha }}
  USE_BROWSERSTACK: ${{ secrets.USE_BROWSERSTACK }}
  BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
  BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
  BROWSERSTACK_BUILD: 'Test ${{ github.run_number }}'

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # Number of commits to fetch. 0 indicates all history for all branches and tags.
          # Pulls all commits (needed for Lerna)
          fetch-depth: 0

      - name: Setup resources and environment
        uses: ./.github/actions/setup
        id: setup

      - name: Install Dependencies
        run: npm ci --audit=false --fund=false

      - name: Version
        run: |
          node -v
          npm -v

      - name: Reset NX # temporary
        run: npm run reset

      - name: Build
        run: npm run build:affected -- --base=$BASE_SHA

  lint:
    name: Lint
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Setup resources and environment
        uses: ./.github/actions/setup

      - name: Lint
        run: npm run lint:affected -- --base=$BASE_SHA

  test:
    name: Test / Chrome & Firefox
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Test
        uses: ./.github/actions/run-test
        with:
          browsers: 'default'
          base: $BASE_SHA
          browserstack: $USE_BROWSERSTACK
          username: $BROWSERSTACK_USERNAME
          access-key: $BROWSERSTACK_ACCESS_KEY

  scan-sonarcloud:
    name: Scan
    needs: test
    uses: ./.github/workflows/sonarcloud_scan.yml
    secrets: inherit

  scan-blackduck:
    name: Scan
    uses: ./.github/workflows/blackduck_scan.yml
    with:
      target: Development-v6
    secrets: inherit

  scan-semgrep:
    name: Scan
    uses: ./.github/workflows/semgrep_scan.yml
    with:
      verbose: false
    secrets: inherit

  size-report:
    name: 'Report / Bundle Size'
    runs-on: ubuntu-latest
    steps:
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20.x
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
      - uses: preactjs/compressed-size-action@f780fd104362cfce9e118f9198df2ee37d12946c # 2.6.0
        with:
          build-script: 'build:prod'
          pattern: '{**/lib/**/*.js,**/*-theme/**/*.{js,css}}'