name: "JS: deps, lint, tests"

on:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      security-events: write # required for sarif upload
    steps:
      - uses: actions/checkout@v4

      - uses: oven-sh/setup-bun@v2
      - name: bun install
        run: bun install

      # check size of dependencies
      # all tools gave different results locally
      - name: dep-size node_modules
        run: du -sh node_modules | tee -a "$GITHUB_STEP_SUMMARY"
      - name: dep-size howfat -d (inc. dev) - ignores size of transitive deps
        run: bunx howfat -d --reporter table --sort size-
      - name: dep-size howfat -d -p (inc. dev, peer) - includes size of transitive deps per dep
        run: bunx howfat -d -p --reporter table --sort size-
      - name: dep-size qnm (flat list as in node_modules)
        run: |
          echo '```console' >> "$GITHUB_STEP_SUMMARY"
          echo '$ npx --yes qnm doctor' >> "$GITHUB_STEP_SUMMARY"
          npx --yes qnm doctor | tee -a "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
      # - name: dep-size cost-of-modules # this says total 8.37MB while du says 75MB...
      #   run: npx --yes npx cost-of-modules --include-dev --no-install

      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool
      - name: eslint (sarif output)
        # eslint exits 1 if it finds anything to report
        run: npx eslint . --format node_modules/@microsoft/eslint-formatter-sarif/sarif.js -o results.sarif || true
      - name: upload eslint sarif output for Security tab and inline results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: eslint

      - name: bun lint
        # eslint exits 1 if it finds anything to report
        run: bun lint