name: "JS CI: npm, deps, eslint, tests"

on:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      security-events: write # required for sarif upload
    steps:
      - uses: actions/checkout@v4
      - name: npm install
        run: npm install

      # check size of dependencies
      - name: dep-size howfat
        run: npx --yes howfat -d --reporter table --sort size-
      - name: dep-size qnm
        run: npx --yes qnm doctor
      - name: dep-size cost-of-modules
        run: npx --yes npx cost-of-modules --include-dev --no-install

      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool
      - name: eslint (sarif output)
        # eslint exits 1 if it finds anything to report
        run: npx eslint . --format node_modules/@microsoft/eslint-formatter-sarif/sarif.js -o results.sarif || true
      - name: upload eslint sarif output for Security tab and inline results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

      - name: npm run lint
        # eslint exits 1 if it finds anything to report
        run: npm run lint