name: Docker (tags)

on:
  push:
    tags-ignore:
      - '**'

env:
  IMAGE: code.foss.global/hosttoday/ht-docker-node:npmci
  NPMCI_COMPUTED_REPOURL: https://${-{gitea.repository_owner}-}:${-{secrets.GITEA_TOKEN}-}@{{gi.host}}/${-{gitea.repository}-}.git
  NPMCI_TOKEN_NPM: ${-{secrets.NPMCI_TOKEN_NPM}-}
  NPMCI_TOKEN_NPM2: ${-{secrets.NPMCI_TOKEN_NPM2}-}
  NPMCI_GIT_GITHUBTOKEN: ${-{secrets.NPMCI_GIT_GITHUBTOKEN}-}
  NPMCI_LOGIN_DOCKER_GITEA: ${-{ github.server_url }-}|${-{ gitea.repository_owner }-}|${-{ secrets.GITEA_TOKEN }-}
  NPMCI_LOGIN_DOCKER_DOCKERREGISTRY: ${-{ secrets.NPMCI_LOGIN_DOCKER_DOCKERREGISTRY }-}

jobs:
  security:
    runs-on: ubuntu-latest
    container:
      image: ${-{ env.IMAGE }-}
    continue-on-error: true

    steps:
      - uses: actions/checkout@v3

      - name: Install pnpm and npmci
        run: |
          pnpm install -g pnpm
          pnpm install -g @ship.zone/npmci
          npmci npm prepare

      - name: Audit production dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --prod
        continue-on-error: true

      - name: Audit development dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --dev
        continue-on-error: true

  test:
    needs: security
    runs-on: ubuntu-latest
    container:
      image: ${-{ env.IMAGE }-}

    steps:
      - uses: actions/checkout@v3

      - name: Prepare
        run: |
          pnpm install -g pnpm
          pnpm install -g @ship.zone/npmci
          npmci npm prepare

      - name: Test stable
        run: |
          npmci node install stable
          npmci npm install
          npmci npm test

      - name: Test build
        run: |
          npmci npm prepare
          npmci node install stable
          npmci npm install
          npmci command npm run build