.github/workflows/pull-request.yml

name: On pull request

on: [ pull_request ]

concurrency: pull-request

jobs:
  build:

    runs-on: ubuntu-latest

    steps:

      - name: Checkout full repository history
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'corretto'
          cache: 'gradle'

      - name: Build, run tests and upload dev snapshot to Maven Central with Gradle
        run: |
          ./gradlew devSnapshot printDevSnapshotReleaseNote && ./gradlew devSanitizedVersion printSanitizedVersion
        env:
          STORE_ID: ${{ secrets.STORE_ID }}
          API_TOKEN: ${{ secrets.API_TOKEN }}
          API_HOST: ${{ secrets.API_HOST }}
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_SIGNING_PASSWORD: ${{ secrets.GPG_SIGNING_PASSWORD }}
          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          OSSRH_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
          GITHUB_HEAD_REF: ${{ github.head_ref }}
          GITHUB_HEAD_SHA: ${{ github.event.pull_request.head.sha }}

      - name: Read sanitized version
        id: read_sanitized_version
        run: echo "sanitized_version=$(cat sanitized_version.txt)" >> $GITHUB_ENV

      - name: Output sanitized version
        run: |
          echo "Sanitized Version: ${{ env.sanitized_version }}" >> $GITHUB_STEP_SUMMARY

      - name: Upload artifacts with checks results
        uses: actions/upload-artifact@v3
        if: failure()
        with:
          name: check-results
          path: |
            ${{ github.workspace }}/build/reports/tests/test/*
            ${{ github.workspace }}/build/reports/detekt/detekt.html

      - name: Upload static analysis results
        uses: github/codeql-action/upload-sarif@v2
        if: always()
        with:
          sarif_file: ${{ github.workspace }}/build/reports/detekt/detekt.sarif
          category: "Detekt Scanning"