name: Clang-Tidy Code Scanning

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  merge_group:
    types: [checks_requested]
  pull_request:

permissions: {}

jobs:
  clang-tidy:
    name: Run Clang-Tidy

    runs-on: ubuntu-latest

    permissions:
      contents: read
      security-events: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v6
        with:
          fetch-depth: 0 # Required for diffing later on
          submodules: "true"

      - name: Install Nix
        uses: cachix/install-nix-action@v31

      - name: Run source generators
        # TODO(@getchoo): Figure out how to make this work with PCH
        run: |
          nix develop --command bash -c '
            cmake -B build -D Launcher_USE_PCH=OFF && cmake --build build --target autogen autorcc
          '

      # TODO: Use SARIF after https://github.com/psastras/sarif-rs/issues/638 is fixed
      - name: Run clang-tidy-diff
        env:
          BASE_REF: ${{ github.event.pull_request.base.sha || github.event.merge_group.base_sha }}
        run: |
          nix develop --command bash -c '
            clang-tidy -verify-config && git diff -U0 --no-color "$BASE_REF" | clang-tidy-diff.py -p1 -quiet -only-check-in-db
          '