name: "CodeQL"

on:
  push:
    branches:
      - '*'  # Triggers on any branch push
    paths-ignore:
      - "**/README.md"
      - ".github/ISSUE_TEMPLATE/**"
      - "docs/**"
      - "images/**"
      - "manifest.json"

permissions: write-all

jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest

    # This job will only run if the repository is public
    if: ${{ github.event.repository.private == false }}

    strategy:
      fail-fast: false
      matrix:
        language: ["csharp"]

    steps:
      - uses: actions/checkout@v4

      - name: Check for BETA file
        id: check-beta
        run: |
          if [ -f "BETA" ]; then
            echo "IS_BETA=true" >> $GITHUB_ENV
          else
            echo "IS_BETA=false" >> $GITHUB_ENV
          fi

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 8.0.x

      - name: Restore Beta dependencies
        if: ${{env.IS_BETA == 'true' }}
        run: |
          dotnet nuget add source --username ${{ github.repository_owner }} --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name jellyfin-pre "https://nuget.pkg.github.com/jellyfin/index.json"
          dotnet tool install --global dotnet-outdated-tool
          dotnet outdated -pre Always -u -inc Jellyfin

      - name: Restore dependencies
        if: ${{env.IS_BETA == 'false' }}
        run: dotnet restore

      - name: Initialize CodeQL
        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
        with:
          languages: ${{ matrix.language }}
          queries: +security-extended

      - name: Autobuild
        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4