check.yml

name: Check
# Build, test and analyse source code before merging

on:
  push:
    branches-ignore:
      - main

jobs:
  build:
    name: Build
    uses: ./.github/workflows/build.yml
    secrets:
      GRADLE_ENCRYPTION_KEY: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

  post-build:
    name: Post-build
    runs-on: ubuntu-latest
    needs: build
    if: always()
    steps:
      - name: Check build matrix status
        run: if [ "${{ needs.build.result }}" = "success" ]; then exit 0; else exit 1; fi

  analyse:
    name: Analyse
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/analyse
        with:
          sonar-token: ${{ secrets.SONAR_TOKEN }}
          gradle-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}

  lint:
    name: Lint
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: read
      statuses: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Lint changes
        uses: github/super-linter/slim@v7
        env:
          DEFAULT_BRANCH: main
          VALIDATE_ALL_CODEBASE: false # changes only
          VALIDATE_BASH: true
          VALIDATE_BASH_EXEC: true
          VALIDATE_DOCKERFILE_HADOLINT: true
          VALIDATE_GITHUB_ACTIONS: true
          VALIDATE_RUBY: true
          VALIDATE_XML: true
          VALIDATE_YAML: true
          LINTER_RULES_PATH: /
          FILTER_REGEX_EXCLUDE: .*templates/.*.ya?ml
          BASH_SEVERITY: warning
          GITHUB_ACTIONS_CONFIG_FILE: .github/actionlint.yml
          GITHUB_ACTIONS_COMMAND_ARGS: -ignore=SC.+:info:.+
          GITHUB_TOKEN: ${{ github.token }}