gitea/.github/workflows/pull-compliance.yml

name: compliance

on:
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml

  lint-backend:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/go-setup
        with:
          lint-cache: "true"
      - run: make deps-backend deps-tools
      - run: TAGS="bindata" make generate-go # lint-go also lints with "bindata" tags which requires "_bindata.go"
      - run: make lint-backend

  lint-on-demand:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/go-setup
        with:
          cache: "false"
      - uses: ./.github/actions/node-setup
        with:
          cache: "false"

      - run: make lint-spell

      - if: needs.files-changed.outputs.templates == 'true' || needs.files-changed.outputs.yaml == 'true' || needs.files-changed.outputs.actions == 'true'
        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
        with:
          python-version: 3.14
      - if: needs.files-changed.outputs.templates == 'true' || needs.files-changed.outputs.yaml == 'true'
        run: make deps-py lint-templates lint-yaml

      - if: needs.files-changed.outputs.docs == 'true' || needs.files-changed.outputs.swagger == 'true' || needs.files-changed.outputs.json == 'true'
        run: make deps-frontend lint-md lint-swagger lint-json

      - if: needs.files-changed.outputs.actions == 'true'
        run: make lint-actions

      - if: needs.files-changed.outputs.shell == 'true'
        run: make lint-shell

  checks-backend:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/go-setup
      - run: make deps-backend deps-tools
      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs

  frontend:
    if: needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/node-setup
      - run: make deps-frontend
      - run: make lint-frontend
      - run: make checks-frontend
      - run: make test-frontend
      - run: make frontend

  backend:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./.github/actions/go-setup
      - run: make deps-backend generate-go
      # no frontend build here as backend should be able to build, even without any frontend files
      # CGO is not used when cross-compile, so these steps also test if the code is compatible with CGO disabled
      - name: build-backend-arm64
        run: go build -o gitea_linux_arm64
        env:
          GOOS: linux
          GOARCH: arm64
          TAGS: bindata gogit
      - name: build-backend-windows
        run: go build -o gitea_windows
        env:
          GOOS: windows
          GOARCH: amd64
          TAGS: bindata gogit
      - name: build-backend-386
        run: go build -o gitea_linux_386
        env:
          GOOS: linux
          GOARCH: 386