.github/workflows/ci.yml

name: "test-on-push"
on: [push]
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  eslint:
    if: |
      !contains(github.event.pull_request.title, '[skip ci]')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: corepack enable && corepack prepare yarn@4.5.3
      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: 22.10.0
          cache: 'yarn'
      - name: install app dependencies
        run: yarn install --frozen-lockfile
      - name: ESLint
        run: yarn eslint

  stylelint:
    if: |
      !contains(github.event.pull_request.title, '[skip ci]')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: corepack enable && corepack prepare yarn@4.5.3
      - name: setup node
        uses: actions/setup-node@v4
        with:
          node-version: 22.10.0
          cache: 'yarn'
      - name: install app dependencies
        run: yarn install --frozen-lockfile
      - name: Stylelint
        run: yarn stylelint "**/*.{css,js,scss}" -f github

  rubocop:
    if: |
      !contains(github.event.pull_request.title, '[skip ci]')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby and install gems
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Generate binstubs
        run: bundle binstubs rubocop
      - name: Lint Ruby files
        run: bin/rubocop --parallel
  security:
    if: |
      !contains(github.event.pull_request.title, '[skip ci]')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Ruby and install gems
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true
      - name: Generate binstubs
        run: bundle binstubs bundler bundler-audit brakeman --force
      - name: Security audit dependencies
        run: bin/bundler-audit check --update --ignore CVE-2018-18260 CVE-2024-48652
      - name: Security audit application code
        run: bin/brakeman