name: Lint

on:
  push:
    branches:
      - main
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  lint:
    name: Run pre-commit & flake8
    runs-on: ubuntu-latest
    env:
      # List of licenses that are compatible with the MIT License and
      # can be used in our project
      ALLOWED_LICENSES: Apache Software License;
        BSD;  BSD License;
        GNU Library or Lesser General Public License (LGPL);
        Historical Permission Notice and Disclaimer (HPND);
        ISC License (ISCL);
        MIT License;
        Mozilla Public License 2.0 (MPL 2.0);
        Public Domain;
        Python Software Foundation License

# Configure pip to cache dependencies and do a user install
      PIP_NO_CACHE_DIR: false
      PIP_USER: 1

      # Disable Poetry virtualenv creation
      POETRY_VIRTUALENVS_CREATE: false

      # Specify explicit paths for python dependencies and the pre-commit
      # environment so we know which directories to cache
      PYTHONUSERBASE: ${{ github.workspace }}/.cache/py-user-base
      PRE_COMMIT_HOME: ${{ github.workspace }}/.cache/pre-commit-cache

    steps:
      - name: Add custom PYTHONUSERBASE to PATH
        run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH

      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Setup python
        id: python
        uses: actions/setup-python@v2
        with:
          python-version: '3.9'

      # This step caches our Python dependencies. To make sure we
      # only restore a cache when the dependencies, the python version,
      # the runner operating system, and the dependency location haven't
      # changed, we create a cache key that is a composite of those states.
      #
      # Only when the context is exactly the same, we will restore the cache.
      - name: Python Dependency Caching
        uses: actions/cache@v2
        id: python_cache
        with:
          path: ${{ env.PYTHONUSERBASE }}
          key: "python-0-${{ runner.os }}-${{ env.PYTHONUSERBASE }}-\
          ${{ steps.python.outputs.python-version }}-\
          ${{ hashFiles('./pyproject.toml', './poetry.lock') }}"

      # Install our dependencies if we did not restore a dependency cache
      - name: Install dependencies using poetry
        if: steps.python_cache.outputs.cache-hit != 'true'
        run: |
          pip install poetry
          poetry install --no-interaction --no-ansi

      # Check all of our dev dependencies are compatible with the MIT license.
      # If you added a new dependencies that is being rejected,
      # please make sure it is compatible with the license for this project,
      # and add it to the ALLOWED_LICENSE variable
      - name: Check Dependencies License
        run: |
          pip-licenses --allow-only="$ALLOWED_LICENSE" \
            --package $(poetry export -f requirements.txt --without-hashes | sed "s/==.*//g" | tr "\n" " ")

      # This step caches our pre-commit environment. To make sure we
      # do create a new environment when our pre-commit setup changes,
      # we create a cache key based on relevant factors.
      - name: Pre-commit Environment Caching
        uses: actions/cache@v2
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: "precommit-0-${{ runner.os }}-${{ env.PRE_COMMIT_HOME }}-\
          ${{ steps.python.outputs.python-version }}-\
          ${{ hashFiles('./.pre-commit-config.yaml') }}"

      # We will not run `flake8` here, as we will use a separate flake8
      # action. As pre-commit does not support user installs, we set
      # PIP_USER=0 to not do a user install.
      - name: Run pre-commit hooks
        run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files

      # Run flake8 and have it format the linting errors in the format of
      # the GitHub Workflow command to register error annotations. This
      # means that our flake8 output is automatically added as an error
      # annotation to both the run result and in the "Files" tab of a
      # pull request.
      #
      # Format used:
      # ::error file={filename},line={line},col={col}::{message}
      - name: Run flake8
        run: "flake8 \
        --format='::error file=%(path)s,line=%(row)d,col=%(col)d::[flake8] %(code)s: %(text)s'"

      # Prepare the Pull Request Payload artifact. If this fails, we
      # we fail silently using the `continue-on-error` option. It's
      # nice if this succeeds, but if it fails for any reason, it
      # does not mean that our lint checks failed.
      - name: Prepare Pull Request Payload artifact
        id: prepare-artifact
        if: always() && github.event_name == 'pull_request'
        continue-on-error: true
        run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json

      # This only makes sense if the previous step succeeded. To
      # get the original outcome of the previous step before the
      # `continue-on-error` conclusion is applied, we use the
      # `.outcome` value. This step also fails silently.
      - name: Upload a Build Artifact
        if: always() && steps.prepare-artifact.outcome == 'success'
        continue-on-error: true
        uses: actions/upload-artifact@v2
        with:
          name: pull-request-payload
          path: pull_request_payload.json