# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

name: Build and test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_call:

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 40
    strategy:
      max-parallel: 5
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]

    steps:
      - uses: actions/checkout@v6
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements-dev.txt
      - name: Check code format
        run: |
          yapf -dr src
      - name: Check import order
        run: |
          isort src
      - name: Static type checking with Mypy
        run: |
          mypy src
      - name: Lint with Pylint
        run: |
          pylint src --disable=W --rcfile=.pylintrc
      - name: Test with pytest
        run: |
          pytest
        env:
          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}

  # The check-build-matrix returns success if all matrix jobs in build are successful; otherwise, it returns a failure.
  # Use this as a PR status check for GitHub Policy Service instead of individual matrix entry checks.
  check-build-matrix:
    runs-on: ubuntu-latest
    needs: build
    if: always()
    steps:
      - name: All build matrix options are successful
        if: ${{ !(contains(needs.*.result, 'failure')) }}
        run: exit 0
      - name: One or more build matrix options failed
        if: ${{ contains(needs.*.result, 'failure') }}
        run: exit 1