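# CI pipeline for every pushed branch except main: the source is checked out
# once and shared with the other jobs as an artifact, then unit tests and three
# analysis jobs run, and the build job starts only when all of them succeed.
name: Build, test, security

on:
  push:
    branches-ignore:
      - main

# Least privilege: restrict the default GITHUB_TOKEN to read-only repository
# contents. No job in this file shows a need for write scopes.
permissions:
  contents: read

jobs:
  Clone-repo:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
          # The whole workspace, .git included, is uploaded as an artifact in
          # the next step. By default checkout keeps the job token in the local
          # git config, so do not persist it: anyone able to download the
          # artifact could otherwise read it.
          persist-credentials: false
      # NOTE(review): v3 of the artifact actions has been deprecated by GitHub.
      # When migrating, re-check how hidden files (.git, dotfiles) are handled.
      - uses: actions/upload-artifact@v3
        with:
          name: source-code
          path: .

  Unit-tests:
    runs-on: ubuntu-latest
    needs: Clone-repo
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: source-code
          path: .
      - run: make tests

  clang-analysis:
    runs-on: ubuntu-latest
    needs: Clone-repo
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: source-code
          path: .
      - run: make static-analysis

  SAST-flawfinder:
    runs-on: ubuntu-latest
    needs: Clone-repo
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: source-code
          path: .
      - run: sudo apt-get install -y flawfinder
      - run: make security-analysis

  SAST-SonarCloud:
    runs-on: ubuntu-latest
    needs: Clone-repo
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: source-code
          path: .
      # NOTE(review): `@master` is a mutable ref and this step is handed
      # SONAR_TOKEN, so whatever lands on that branch runs with the secret.
      # Pin the action to a reviewed full commit SHA (not filled in here
      # because no verified SHA is available in this file).
      - uses: SonarSource/sonarcloud-github-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  # Gate: the build runs only after the tests and every analysis job pass.
  Build:
    runs-on: ubuntu-latest
    needs:
      - Unit-tests
      - clang-analysis
      - SAST-flawfinder
      - SAST-SonarCloud
    steps:
      - uses: actions/download-artifact@v3
        with:
          name: source-code
          path: .
      - name: Build server and browser
        run: make dev
      - uses: actions/upload-artifact@v3
        with:
          name: dev-build-files
          path: ./build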