name: CI

permissions: {}

on:
  workflow_dispatch:
  pull_request:
  push:
    branches:
      - master

jobs:
  build:
    name: build +${{ matrix.toolchain }} ${{ matrix.flags }}
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        toolchain: [stable, nightly]
        flags:
          - ""
          - --via-ir
          - --use solc:0.8.17 --via-ir
          - --use solc:0.8.17
          - --use solc:0.8.0
          - --use solc:0.7.6
          - --use solc:0.7.0
          - --use solc:0.6.2
          - --use solc:0.6.12
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: foundry-rs/foundry-toolchain@v1
      - run: forge --version
      - run: |
          case "${{ matrix.flags }}" in
            *"solc:0.8.0"* | *"solc:0.7"* | *"solc:0.6"*)
              forge build --skip test --skip Config --skip StdConfig --skip LibVariable --deny-warnings ${{ matrix.flags }}
              ;;
            *)
              forge build --skip test --deny-warnings ${{ matrix.flags }}
              ;;
          esac
      # via-ir compilation time checks.
      - if: contains(matrix.flags, '--via-ir')
        run: forge build --skip test --deny-warnings ${{ matrix.flags }} --contracts 'test/compilation/*'

  test:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        toolchain: [stable, nightly]
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: foundry-rs/foundry-toolchain@v1
        with:
          version: ${{ matrix.toolchain }}
      - run: forge --version
      - run: forge test -vvv

  fmt:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: foundry-rs/foundry-toolchain@v1
      - run: forge --version
      - run: forge fmt --check

  typos:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          persist-credentials: false
      - uses: crate-ci/typos@2d0ce569feab1f8752f1dde43cc2f2aa53236e06 # v1

  codeql:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    permissions:
      security-events: write
      actions: read
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - language: actions
            build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          persist-credentials: false
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v4
        with:
          category: "/language:${{matrix.language}}"

  ci-success:
    runs-on: ubuntu-latest
    if: always()
    needs:
      - build
      - test
      - fmt
      - typos
      - codeql
    timeout-minutes: 10
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
        with:
          jobs: ${{ toJSON(needs) }}