name: pr-lint-test

on:
  push:
    branches:
      - "master"
  pull_request:
    branches:
      - "master"

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.9"]

    steps:
      - uses: actions/checkout@v3
      - name: Install poetry
        run: |
         python -m pip install --upgrade pip
         pipx install poetry
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
          cache: 'poetry'
      - name: Install dependencies
        run: |
          poetry install
          poetry run pip list
          VERSION=$(curl --silent "https://api.github.com/repos/hadolint/hadolint/releases/latest" | \
            grep '"tag_name":' | \
            sed -E 's/.*"v([^"]+)".*/\1/' \
            ) && curl -L -o /tmp/hadolint "https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64" \
            && chmod +x /tmp/hadolint
      - name: Poetry check
        run: |
          poetry lock --check
      - name: Lint with flake8
        run: |
          poetry run flake8 . --ignore=E266,W503,E203,E501,W605,E128 --exclude contrib
      - name: Checking format with black
        run: |
          poetry run black --check .
      - name: Lint with pylint
        run: |
          poetry run pylint --disable=W,C,R,E -j 0 -rn -sn prowler/
      - name: Bandit
        run: |
          poetry run bandit -q -lll -x '*_test.py,./contrib/' -r .
      - name: Safety
        run: |
          poetry run safety check
      - name: Vulture
        run: |
          poetry run vulture --exclude "contrib" --min-confidence 100 .
      - name: Hadolint
        run: |
          /tmp/hadolint Dockerfile --ignore=DL3013
      - name: Test with pytest
        run: |
          poetry run pytest tests -n auto