name: "ESLint analysis"

on:
  push:
    branches: [ "develop", "master" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "develop" ]
  schedule:
    - cron: '20 13 * * 6'

jobs:
  codeql:
    runs-on: ubuntu-latest
    permissions:
      # required for all workflows
      security-events: write
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: '18.17.0'

      - name: Set up corepack
        run: corepack enable

      # It can not be done before enable corepack
      - name: Set up cache
        uses: actions/setup-node@v4
        with:
          cache: pnpm
          cache-dependency-path: web/pnpm-lock.yaml

      - name: Fetch web dependencies
        working-directory: web
        run: pnpm install --frozen-lockfile

      # Runs the ESlint code analysis
      - name: Run ESLint
        # eslint exits 1 if it finds anything to report
        run: SARIF_ESLINT_EMBED=true pnpm run lint:ci
        working-directory: web

      - name: Replace React trash
        run: sed -i 's$Please see details in message$https://reactjs.org/is-broken-sarif-trash/$g' results.sarif

      - name: Anyone home?
        # eslint exits 1 if it finds anything to report
        run: cat results.sarif

      # Uploads results.sarif to GitHub repository using the upload-sarif action
      - uses: github/codeql-action/upload-sarif@v3
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif
          category: ESLint

      - uses: CatChen/eslint-suggestion-action@v3
        with:
          request-changes: true
          fail-check: false
          github-token: ${{ secrets.GITHUB_TOKEN }}
          directory: 'web'
          targets: 'web/src'