on: 
  pull_request:
    types: [opened, edited, reopened, synchronize]

  # trigger manually for debugging
  workflow_dispatch:

permissions:
  id-token: write   # This is required for requesting the JWT
  contents: read    # This is required for actions/checkout

env:
  AWS_REGION : us-east-1

jobs:
  mw-ut:
    name: mw-ut
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      # - name: configure aws credentials
      #   uses: aws-actions/configure-aws-credentials@v1
      #   with:
      #     role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GitHub_Action_Role
      #     role-session-name: cdksession
      #     aws-region: ${{ env.AWS_REGION }}
      - name: ut
        run: |
          pip install pytest
          pip install pytest-cov
          # TODO

  git-secrets:
    name: git-secrets
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
      - name: Checkout awslabs/git-secrets
        uses: actions/checkout@v3
        with:
          repository: awslabs/git-secrets
          ref: master
          path: git-secrets
      - name: Install git-secrets
        run: cd git-secrets && sudo make install && cd ..
      - name: Run git-secrets
        run: |
          git-secrets --register-aws
          git-secrets --scan

  viperlight:
    name: viperlight
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Viperlight
        run: |
          wget -q https://viperlight-scanner.s3.amazonaws.com/latest/.viperlightrc
          wget -q https://viperlight-scanner.s3.amazonaws.com/latest/viperlight.zip
          unzip -q viperlight.zip -d ../viperlight
          rm -r ./viperlight.zip
          echo "Content scanning utility installation complete `date`"
          echo "Starting content scanning `date` in `pwd`"
          ../viperlight/bin/viperlight scan -m files-contents -m files-aws -m files-binary -m files-entropy -m files-secrets
          echo "Completed content scanning `date`"

  miss-spelling-validate:
    name: miss spelling check for words or sentences
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Python environment
        uses: actions/setup-python@v4
        with:
          python-version: "3.8"
      # - name: flake8 Lint
      #   uses: py-actions/flake8@v2
      #   with:
      #     ignore: "E501, E302"
      - name: Check for misspellings
        uses: codespell-project/actions-codespell@master
        with:
          only_warn: 1
          check_filenames: true
          skip: .git,*.png,*.jpg,*.jpeg

  sematic-validate:
    name: Validate PR title
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: amannn/action-semantic-pull-request@v5.0.2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with :
          types: |
            feat
            fix
            docs
            style
            refactor
            perf
            test
            build
            ci
            chore
            revert