on.pr.yml

name: "Pull Request"

"on":
  pull_request:
    paths-ignore:
      - '*.md'
      - 'images/**'

permissions:
  contents: read

jobs:
  #
  # --- Builds: Earthly ---
  #

  ## Gradle: Earthly
  build-earthly-gradle:
    name: "Gradle (Earthly, Java ${{ matrix.java }})"
    uses: ./.github/workflows/gradle.earthly.yml
    secrets: inherit
    strategy:
      fail-fast: false
      matrix:
        java: [17, 21]
    permissions:
      contents: read
      packages: write
    with:
      runner: ubuntu-latest
      java: ${{ matrix.java }}

  ## Gradle: Earthly
  build-earthly-maven:
    name: "Maven (Earthly, Java ${{ matrix.java }})"
    uses: ./.github/workflows/maven.earthly.yml
    secrets: inherit
    strategy:
      fail-fast: false
      matrix:
        java: [17, 21]
    permissions:
      contents: read
      packages: write
    with:
      runner: ubuntu-latest
      java: ${{ matrix.java }}

  #
  # --- Builds: Batect ---
  #

  # coming soon.

  #
  # --- Checks ---
  #

  ## Scan code with CodeQL.
  checks-codeql:
    name: "Checks"
    uses: ./.github/workflows/checks.codeql.yml
    permissions:
      contents: read
      actions: read
      security-events: write

  ## Scan dependencies for vulnerabilities.
  checks-deps-review:
    name: "Checks"
    uses: ./.github/workflows/checks.dependency-review.yml
    permissions:
      contents: read
      pull-requests: write
      security-events: write