name: Repository health

on:
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: read
  security-events: write

env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"

jobs:
  oss-signal:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: SalmonPlays/oss-signal@v0.8.4
        id: oss-signal
        with:
          fail-under: "80"
          output: oss-signal-report.md
          summary: "true"
      - uses: SalmonPlays/oss-signal@v0.8.4
        with:
          format: sarif
          output: oss-signal.sarif
          summary: "false"
      - uses: github/codeql-action/upload-sarif@v4
        if: github.event_name != 'pull_request'
        with:
          sarif_file: oss-signal.sarif
      - uses: actions/upload-artifact@v5
        with:
          name: oss-signal-report
          path: |
            oss-signal-report.md
            oss-signal.sarif