---

name: CI

permissions:
  actions: read
  checks: read
  contents: read
  deployments: read
  issues: read
  discussions: read
  pull-requests: read
  repository-projects: read
  security-events: read
  statuses: read

on:
  push:
    tags:
      - v*
    branches:
      - master
      - stable
      - v1
  release:
    types:
      - published
      - released
  pull_request:
    types:
      - opened
      - edited
      - reopened
      - synchronize
      - ready_for_review

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive

      - uses: jdx/mise-action@v3
        name: Install mise

      - name: Run tests
        run: mise tasks run covtest

      - name: Collect coverage
        uses: codecov/codecov-action@v5
        with:
          files: ./coverage.txt

  fuzz:
    name: Fuzzing
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive

      - uses: jdx/mise-action@v3
        name: Install mise

      - name: Run fuzzing
        run: mise tasks run 'test:fuzz:*'


  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive

      - uses: jdx/mise-action@v3
        name: Install mise

      - name: Run linter
        run: mise tasks run lint

  docker:
    name: Docker
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive

      - name: Get Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: nineseconds/mtg
          tags: |
            type=semver,pattern={{version}}

      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3

      - name: Setup BuildX
        uses: docker/setup-buildx-action@v3

      - name: Setup cache
        uses: actions/cache@v5
        with:
          path: /tmp/buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          pull: true
          context: .
          platforms: linux/amd64,linux/arm64,linux/386,linux/arm/v7,linux/arm/v6
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/buildx-cache
          cache-to: type=local,dest=/tmp/buildx-cache