name: Soteria Scan

on:
  push:
    paths: ['programs/**']
  pull_request:
    branches: ['main', 'dev']
    paths: ['programs/**']
  workflow_dispatch: # Pick branch manually

env:
  CARGO_TERM_COLOR: always
  SOLANA_VERSION: '1.16.7'
  RUST_TOOLCHAIN: '1.69.0'

jobs:
  build:
    name: Soteria
    runs-on: ubuntu-latest
    if: (github.actor != 'dependabot[bot]')
    strategy:
      fail-fast: false
      matrix:
        program: ['programs/mango-v4/']
    env:
      PROGRAM_PATH: ${{ matrix.program }}

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Checkout submodules
        run: git submodule update --init

      - name: Cache dependencies
        uses: Swatinem/rust-cache@v2

      - name: Set Rust version
        run: rustup toolchain install ${{ env.RUST_TOOLCHAIN }}

      - name: Install Solana
        run: |
          sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
          echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
          export PATH="/home/runner/.local/share/solana/install/active_release/bin:$PATH"
          solana --version
          echo "Generating keypair..."
          solana-keygen new -o "$HOME/.config/solana/id.json" --no-passphrase --silent
          echo Installing sbf toolchain...
          (cd /home/runner/.local/share/solana/install/active_release/bin/sdk/sbf/scripts; ./install.sh)

      - name: Install Soteria
        run: |
          echo Installing Soteria...
          sh -c "$(curl -k https://supercompiler.xyz/install)"
          export PATH=$PWD/soteria-linux-develop/bin/:$PATH
          echo "$PWD/soteria-linux-develop/bin" >> $GITHUB_PATH
        shell: bash

      - name: Run Soteria
        run: |
          cd ${{ matrix.program }}
          soteria -analyzeAll .
        shell: bash