version: 2.1

orbs:
  prodsec: snyk/prodsec-orb@1

filters_branches_ignore_main: &filters_branches_ignore_main
  filters:
    branches:
      ignore:
        - main

defaults: &defaults
  parameters:
    node_version:
      type: string
      default: "20.12.2"
  working_directory: ~/event-loop-spinner

commands:
  install_deps:
    description: Install dependencies
    steps:
      - checkout
      - run:
          name: Use snyk-main npmjs user
          command: echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" >> .npmrc
      - run:
          name: Install dependencies
          command: npm install
  install_node_npm:
    description: Install correct Node version
    parameters:
      node_version:
        type: string
        default: ""
    steps:
      - run:
          name: Install correct version of Node
          command: nvm install << parameters.node_version >>
      - run:
          name: Use correct version of Node
          command: nvm use << parameters.node_version >>
  show_node_version:
    description: Log Node and npm version
    steps:
      - run:
          name: Node version
          command: node --version
      - run:
          name: NPM version
          command: npm --version

jobs:
  security-scans:
    <<: *defaults
    resource_class: small
    docker:
      - image: cimg/node:<< parameters.node_version >>
    steps:
      - checkout
      - install_deps
      - prodsec/security_scans:
          mode: auto
          open-source-additional-arguments: --exclude=test,dist
  lint:
    <<: *defaults
    docker:
      - image: cimg/node:<< parameters.node_version >>
    steps:
      - checkout
      - install_deps
      - show_node_version
      - run:
          name: Run lint
          command: npm run lint

  test:
    <<: *defaults
    docker:
      - image: cimg/node:<< parameters.node_version >>
    steps:
      - checkout
      - install_deps
      - show_node_version
      - run:
          name: Run tests
          command: npm test

  release:
    <<: *defaults
    docker:
      - image: node:20
    steps:
      - checkout
      - install_deps
      - run:
          name: Run build
          command: npm run build
      - run:
          name: Publish to GitHub
          command: npx semantic-release@24

workflows:
  version: 2
  test_and_release:
    jobs:
      - prodsec/secrets-scan:
          name: Scan repository for secrets
          context:
            - snyk-bot-slack
          channel: os-team-managed-alerts
      - security-scans:
          name: Perform security scans for PRs
          context:
            - open_source-managed
      - lint:
          name: Lint
          context: nodejs-install
          node_version: "lts"
      - test:
          name: Run tests
          context: nodejs-install
          requires:
            - Lint
          <<: *filters_branches_ignore_main
      - release:
          name: Release
          context: nodejs-lib-release
          requires:
            - Scan repository for secrets
            - Perform security scans for PRs
            - Lint
          filters:
            branches:
              only:
                - main