name: backend lint
on:
  push:
    branches:
      - master
  pull_request:

jobs:
  lint:
    name: backend lint
    runs-on: ubuntu-18.04
    timeout-minutes: 10
    strategy:
      matrix:
        python-version: [3.8.12]
    steps:
      - uses: actions/checkout@v2

      - name: Internal github app token
        id: token
        uses: getsentry/action-github-app-token@v1
        continue-on-error: true
        with:
          app_id: ${{ secrets.SENTRY_INTERNAL_APP_ID }}
          private_key: ${{ secrets.SENTRY_INTERNAL_APP_PRIVATE_KEY }}

      # If we make these jobs "required" to merge on GH, then on every PR, GitHub automatically
      # creates a status check in the "pending" state. This means that the workflow needs to run
      # for every PR in order to update the status checks.
      #
      # In order to optimize CI usage, we want the tests to only run when python files change,
      # since frontend changes should have no effect on these test suites. We cannot use GH workflow
      # path filters because entire workflow would be skipped vs skipping individual jobs which
      # would still allow this status check to pass.
      - name: Check for python file changes
        uses: getsentry/paths-filter@v2
        id: changes
        with:
          token: ${{ github.token }}
          filters: .github/file-filters.yml

      - name: Setup Python ${{ matrix.python-version }}
        uses: ./.github/actions/setup-python
        if: steps.changes.outputs.backend == 'true'
        with:
          python-version: ${{ matrix.python-version }}
          # Note this uses a different cache key than other backend-based workflows because this workflows dependencies are different
          cache-files-hash: ${{ hashFiles('requirements-pre-commit.txt') }}

      - name: Setup pre-commit
        if: steps.changes.outputs.backend == 'true'
        env:
          SENTRY_NO_VIRTUALENV_CREATION: 1
        run: |
          make setup-git

      - uses: getsentry/paths-filter@v2
        id: files
        with:
          # Enable listing of files matching each filter.
          # Paths to files will be available in `${FILTER_NAME}_files` output variable.
          # Paths will be escaped and space-delimited.
          # Output is usable as command line argument list in linux shell
          list-files: shell

          # It doesn't make sense to lint deleted files.
          # Therefore we specify we are only interested in added or modified files.
          filters: |
            all:
              - added|modified: '**/*.py'
              - added|modified: 'requirements-base.txt'

      - name: Run pre-commit on changed files
        if: steps.changes.outputs.backend == 'true'
        run: |
          # Run pre-commit to lint and format check files that were changed (but not deleted) compared to master.
          # XXX: there is a very small chance that it'll expand to exceed Linux's limits
          #      `getconf ARG_MAX` - max # bytes of args + environ for exec()
          pre-commit run --files ${{ steps.files.outputs.all_files }}

      # If working tree is dirty, commit and update if we have a token
      - name: Apply any pre-commit fixed files
        if: steps.token.outcome == 'success' && github.ref != 'refs/heads/master' && steps.changes.outputs.backend == 'true' && always()
        uses: getsentry/action-github-commit@main
        with:
          github-token: ${{ steps.token.outputs.token }}

      - name: Handle artifacts
        uses: ./.github/actions/artifacts