name: Sonar
on:
  push:
    branches:
      - main

jobs:
  sonar:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v6.0.2
        with:
          fetch-depth: 0

      - name: Run Hadolint
        uses: hadolint/hadolint-action@v3.3.0
        with:
          dockerfile: Dockerfile
          output-file: hadolint.out
          format: sonarqube
          no-fail: true

      - name: Setup Python
        uses: actions/setup-python@v6
        with:
          python-version: "3.14"

      - name: uv cache
        uses: actions/cache@v5
        with:
          path: /tmp/.uv-cache
          key: uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
          restore-keys: |
            uv-${{ runner.os }}-${{ hashFiles('uv.lock') }}
            uv-${{ runner.os }}

      - name: Install dependencies
        run: uv sync
      

      - name: Lint
        run: |
          uv run pylint --exit-zero --recursive=yes --output-format=parseable --output=lintreport.txt app/ tests/
          cat lintreport.txt

      - name: Unit Test
        run: |
          uv run coverage run -m pytest -v --junitxml=testresults.xml
          uv run coverage report
          uv run coverage xml -q -o coverage.xml
          sed -i 's@${{ gitea.workspace }}@/github/workspace@g' coverage.xml

      - name: Minimize uv cache
        run: uv cache prune --ci

      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v7.1.0
        env:
          SONAR_HOST_URL: ${{ vars.SONAR_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}