name: ci

on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
  - cron: '7 4 * * 4'  # weekly on thursday morning

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'
    - name: Install dependencies
      run: |
        pip install poetry
        poetry install --no-root
    - name: Linting
      run: |
        make lint

  e2e-with-kind:
    name: e2e with kind
    needs: build
    runs-on: ubuntu-24.04
    strategy:
      matrix:
        k8s-version:
        - v1.22.15
        - v1.23.13
        - v1.24.7
        - v1.25.3
      fail-fast: false
    env:
      kind-version: v0.17.0
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.11'
    - name: Install dependencies
      run: |
        pip install poetry
        poetry install --no-root
    - name: Set up kind with K8s version ${{ matrix.k8s-version }}
      uses: engineerd/setup-kind@v0.5.0
      with:
        image: kindest/node:${{ matrix.k8s-version }}
        version: ${{ env.kind-version }}
    - name: E2E test
      run: |
        kubectl cluster-info
        kubectl proxy &
        sleep 1
        make e2e-with-kind

  actionlint:
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/checkout@v4
    - name: Check workflow files
      run: |
        echo "::add-matcher::.github/actionlint-matcher.json"
        bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
        ./actionlint

  codeql:
    runs-on: ubuntu-24.04
    steps:
    - uses: actions/checkout@v4
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
        fetch-depth: 2

    # If this run was triggered by a pull request event, then checkout
    # the head of the pull request instead of the merge commit.
    - run: git checkout HEAD
      if: ${{ github.event_name == 'pull_request' }}

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: python
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
        # queries: ./path/to/local/query, your-org/your-repo/queries@main

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v3