name: "Code scanning - action"

on:
  push:
    branches: [ main, master, release ]
  schedule:
    - cron: '0 5 * * *'

permissions:
  contents: read

jobs:
  CodeQL-Build:

    permissions:
      actions: read  # for github/codeql-action/init to get workflow details
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/analyze to upload SARIF results

        required: false
        default: 'false'

jobs:
  fastapi-people:
    if: github.repository_owner == 'tiangolo'
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4

        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"
          # Issue ref: https://github.com/actions/setup-python/issues/436
          # cache: "pip"
          # cache-dependency-path: pyproject.toml

# as well as a `run` key with the actions to do. All the conditions need to be true
# for the actions to run (there is an implicit AND relation between
# the conditions on each line).  Each condition is specified as a Jinja expression.  You
# can also use the constant `true` if you want to always run the actions.

permissions:
  contents: read

jobs:
  stale:
    permissions:
      issues: write  # for actions/stale to close stale issues
      pull-requests: write  # for actions/stale to close stale PRs
    runs-on: ubuntu-latest
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
    - name: Close Stale Issues
      uses: actions/stale@v8
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}

  test_docs:
    permissions:
      checks: write # for actions/upload-artifact
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/master' || contains(github.event.pull_request.labels.*.name, 'documentation')

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Configure JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'zulu'

# as well as a `run` key with the actions to do. All the conditions need to be true
# for the actions to run (there is an implicit AND relation between
# the conditions on each line).  Each condition is specified as a Jinja expression.  You
# can also use the constant `true` if you want to always run the actions.

        language: ['java', 'javascript']

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
      with:
        fetch-depth: 2

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}

    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'

# as well as a `run` key with the actions to do. All the conditions need to be true
# for the actions to run (there is an implicit AND relation between
# the conditions on each line).  Each condition is specified as a Jinja expression.  You
# can also use the constant `true` if you want to always run the actions.

        required: false
        default: 'false'

jobs:
  notify-translations:
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - uses: actions/checkout@v4
      # Allow debugging with tmate