name: Default (not tags)

on:
  push:
    tags-ignore:
      - '**'

env:
  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci
  NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
  NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
  NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
  NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}}
  NPMCI_URL_CLOUDLY: ${{secrets.NPMCI_URL_CLOUDLY}}

jobs:
  security:
    runs-on: ubuntu-latest
    continue-on-error: true
    container:
      image: ${{ env.IMAGE }}

    steps:
      - uses: actions/checkout@v3

      - name: Install pnpm and npmci
        run: |
          pnpm install -g pnpm
          pnpm install -g @shipzone/npmci

      - name: Run npm prepare
        run: npmci npm prepare

      - name: Audit production dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --prod
        continue-on-error: true

      - name: Audit development dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --dev
        continue-on-error: true

  test:
    if: ${{ always() }}
    needs: security
    runs-on: ubuntu-latest
    container:
      image: ${{ env.IMAGE }}

    steps:
      - uses: actions/checkout@v3

      - name: Test stable
        run: |
          npmci node install stable
          npmci npm install
          npmci npm test

      - name: Test build
        run: |
          npmci node install stable
          npmci npm install
          npmci npm build