name: Default (not tags)

on:
  push:
    tags-ignore:
      - '**'

env:
  IMAGE: code.foss.global/hosttoday/ht-docker-node:npmci
  NPMCI_COMPUTED_REPOURL: https://${-{gitea.repository_owner}-}:${-{secrets.GITEA_TOKEN}-}@{{git.host}}/${-{gitea.repository}-}.git
  NPMCI_TOKEN_NPM: ${-{secrets.NPMCI_TOKEN_NPM}-}
  NPMCI_TOKEN_NPM2: ${-{secrets.NPMCI_TOKEN_NPM2}-}
  NPMCI_GIT_GITHUBTOKEN: ${-{secrets.NPMCI_GIT_GITHUBTOKEN}-}
  NPMCI_URL_CLOUDLY: ${-{secrets.NPMCI_URL_CLOUDLY}-}

jobs:
  security:
    runs-on: ubuntu-latest
    continue-on-error: true
    container:
      image: ${-{ env.IMAGE }-}

    steps:
      - uses: actions/checkout@v3

      - name: Install pnpm and npmci
        run: |
          pnpm install -g pnpm
          pnpm install -g @ship.zone/npmci

      - name: Run npm prepare
        run: npmci npm prepare

      - name: Audit production dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --prod
        continue-on-error: true

      - name: Audit development dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --dev
        continue-on-error: true

  test:
    if: ${-{ always() }-}
    needs: security
    runs-on: ubuntu-latest
    container:
      image: ${-{ env.IMAGE }-}

    steps:
      - uses: actions/checkout@v3

      - name: Test stable
        run: |
          npmci node install stable
          npmci npm install
          npmci npm test

      - name: Test build
        run: |
          npmci node install stable
          npmci npm install
          npmci npm build