#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#
name: "CodeQL"

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  schedule:
    - cron: '27 11 * * 6'

jobs:
  analyze:
    name: Analyze
    runs-on: 'ubuntu-latest'
    timeout-minutes: 360
    permissions:
      # required for all workflows
      security-events: write

      # only required for workflows in private repositories
      actions: read
      contents: read
      pull-requests: read

    strategy:
      fail-fast: false
      matrix:
        language: [ 'c-cpp', 'java-kotlin', 'python' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Detect changed files
      id: changes
      uses: apache/pulsar-test-infra/paths-filter@master
      with:
        filters: .github/changes-filter.yaml
        list-files: csv

    - name: Check changed files
      id: check_changes
      run: |
        echo "docs_only=${{ fromJSON(steps.changes.outputs.all_count) == fromJSON(steps.changes.outputs.docs_count) && fromJSON(steps.changes.outputs.docs_count) > 0 }}" >> $GITHUB_OUTPUT

    - name: Cache local Maven repository
      if: steps.check_changes.outputs.docs_only != 'true'
      id: cache
      uses: actions/cache@v4
      with:
        path: |
          ~/.m2/repository/*/*/*
          !~/.m2/repository/org/apache/bookkeeper
          !~/.m2/repository/org/apache/distributedlog
        key: ${{ runner.os }}-bookkeeper-all-${{ hashFiles('**/pom.xml') }}

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}

    - name: Set up JDK 11
      if: steps.check_changes.outputs.docs_only != 'true'
      uses: actions/setup-java@v4
      with:
        distribution: 'temurin'
        java-version: 11

    - name: Validate pull request
      if: steps.check_changes.outputs.docs_only != 'true'
      run: |
        mvn -T 1C -B -nsu clean install -Ddistributedlog -DskipTests

    - name: Perform CodeQL Analysis
      if: steps.check_changes.outputs.docs_only != 'true'
      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"