.github/workflows/ci.yml

name: ci

on:
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  check:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-14, ubuntu-latest]
    steps:
      - name: Add Homebrew to $PATH
        if: runner.os == 'Linux'
        run: |
          # mitigate https://github.com/actions/runner-images/issues/6283
          echo "/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" >>"$GITHUB_PATH"
      - uses: actions/checkout@v4
      - name: Install Prettier
        run: npm i -g prettier@'^3'
      - name: Check web code formatting with Prettier
        run: prettier --check .
      - name: Install formatters with Homebrew
        run: brew install shfmt taplo
      - name: Check shell script formatting with shfmt
        run: shfmt -d -i 2 .
      - name: Install ShellCheck (https://github.com/koalaman/shellcheck) on macOS
        if: runner.os == 'macOS'
        run: brew install bash shellcheck
      - name: Check shell script formatting with ShellCheck
        run: |
          shopt -s globstar nullglob
          set -- **/*.{sh,bash}
          if [ -n "$1" ]; then
            echo "Checking $@"
            shellcheck "$@"
          else
            echo "No shell scripts for ShellCheck to check."
          fi
        shell: bash
        env:
          SHELLCHECK_OPTS: -e SC1071 -e SC1090 -e SC1091
      - name: Check TOML formatting with Taplo
        run: |
          taplo check .taplo.toml
          taplo check --schema https://starship.rs/config-schema.json .config/starship.toml
          taplo fmt --check **/*.toml
  test:
    if: github.event_name != 'push'
    needs: [check]
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [macos-14, ubuntu-latest]
    timeout-minutes: 100
    env:
      STRAP_CI: 1
      STRAP_DEBUG: 1
      STRAP_DOTFILES_BRANCH: ${{ github.ref }}
      STRAP_GIT_EMAIL: 26674818+br3ndonland@users.noreply.github.com
      STRAP_GIT_NAME: GitHub Actions
      STRAP_GITHUB_USER: br3ndonland
    steps:
      - name: Add Homebrew to $PATH
        if: runner.os == 'Linux'
        run: |
          # mitigate https://github.com/actions/runner-images/issues/6283
          echo "/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin" >>"$GITHUB_PATH"
      - name: Set bootstrap script URL
        run: |
          STRAP_SCRIPT_URL="https://raw.githubusercontent.com/$STRAP_GITHUB_USER/dotfiles/$STRAP_DOTFILES_BRANCH/bootstrap.sh"
          echo "STRAP_SCRIPT_URL=$STRAP_SCRIPT_URL"
          echo "STRAP_SCRIPT_URL=$STRAP_SCRIPT_URL" >>"$GITHUB_ENV"
      - name: Clean up Homebrew
        run: |
          command -v brew &>/dev/null && brew test-bot --only-cleanup-before ||
            echo "Homebrew not found."
      - name: Clean up macOS
        if: runner.os == 'macOS'
        run: |
          sudo rm -rf /usr/local/Caskroom /usr/local/Homebrew /usr/local/bin/brew \
            /usr/local/.??* /Applications/Xcode.app /Library/Developer/CommandLineTools
      - name: Create a non-admin user account
        run: |
          username=standard-user
          if ${{ runner.os == 'Linux' }}; then
            sudo adduser --disabled-password --gecos "" $username
            home_prefix=/home
          elif ${{ runner.os == 'macOS' }}; then
            # TODO: admin user is being created
            sudo sysadminctl -addUser $username
            home_prefix=/Users
          fi
          echo "NON_ADMIN_USER=$username" >>"$GITHUB_ENV"
          echo "NON_ADMIN_USER_HOME=$home_prefix/$username" >>"$GITHUB_ENV"
      - name: >
          Run bootstrap.sh with a non-admin non-sudo user without Homebrew installed
          (Homebrew installation requires sudo, so this step should error)
        id: bootstrap-non-admin-non-sudo
        run: |
          sudo \
            --preserve-env=STRAP_CI,STRAP_DEBUG,STRAP_DOTFILES_BRANCH,STRAP_GIT_EMAIL,STRAP_GIT_NAME,STRAP_GITHUB_USER,STRAP_SCRIPT_URL \
            -u "$NON_ADMIN_USER" bash -c '/usr/bin/env bash -c "$(curl -fsSL ${{ env.STRAP_SCRIPT_URL }})"'
        working-directory: ${{ env.NON_ADMIN_USER_HOME }}
        continue-on-error: true
      - run: |
          echo "Homebrew installation requires sudo, so non-admin non-sudo should fail"
          exit 1
        if: steps.bootstrap-non-admin-non-sudo.outcome == 'success'
      - name: Run bootstrap.sh with a non-admin sudo user without Homebrew installed
        run: |
          # TODO: need macOS command for adding sudo
          # sudo usermod -aG sudo "$NON_ADMIN_USER"
          SUDOERS_FILE="/etc/sudoers.d/$NON_ADMIN_USER"
          echo "$NON_ADMIN_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee "$SUDOERS_FILE"
          sudo chmod 0440 "$SUDOERS_FILE"
          sudo \
            --preserve-env=STRAP_CI,STRAP_DEBUG,STRAP_DOTFILES_BRANCH,STRAP_GIT_EMAIL,STRAP_GIT_NAME,STRAP_GITHUB_USER,STRAP_SCRIPT_URL \
            -u "$NON_ADMIN_USER" bash -c '/usr/bin/env bash -c "$(curl -fsSL ${{ env.STRAP_SCRIPT_URL }})"'
        working-directory: ${{ env.NON_ADMIN_USER_HOME }}
      - name: Run bootstrap.sh
        run: /usr/bin/env bash -c "$(curl -fsSL $STRAP_SCRIPT_URL)"
      - name: Rerun bootstrap.sh to test idempotence
        run: bash "$HOME/.dotfiles/bootstrap.sh"
      - name: Rerun bootstrap.sh with a non-admin user after Homebrew has been installed
        run: |
          sudo \
            --preserve-env=STRAP_CI,STRAP_DEBUG,STRAP_DOTFILES_BRANCH,STRAP_GIT_EMAIL,STRAP_GIT_NAME,STRAP_GITHUB_USER,STRAP_SCRIPT_URL \
            -u "$NON_ADMIN_USER" bash -c '/usr/bin/env bash "${{ env.NON_ADMIN_USER_HOME }}/.dotfiles/bootstrap.sh"'
        working-directory: ${{ env.NON_ADMIN_USER_HOME }}
      - name: Check Homebrew configuration
        run: brew config
      - name: Check for potential problems with brew doctor
        run: brew doctor || echo "Potential problems detected. See output for details."