name: Docker (tags)

on:
  push:
    tags-ignore:
      - '**'

env:
  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci
  NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
  NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
  NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
  NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}}
  NPMCI_LOGIN_DOCKER_GITEA: ${{ github.server_url }}|${{ gitea.repository_owner }}|${{ secrets.GITEA_TOKEN }}
  NPMCI_LOGIN_DOCKER_DOCKERREGISTRY: ${{ secrets.NPMCI_LOGIN_DOCKER_DOCKERREGISTRY }}

jobs:
  security:
    runs-on: ubuntu-latest
    container:
      image: ${{ env.IMAGE }}
    continue-on-error: true

    steps:
      - uses: actions/checkout@v3

      - name: Install pnpm and npmci
        run: |
          pnpm install -g pnpm
          pnpm install -g @shipzone/npmci
          npmci npm prepare

      - name: Audit production dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --prod
        continue-on-error: true

      - name: Audit development dependencies
        run: |
          npmci command npm config set registry https://registry.npmjs.org
          npmci command pnpm audit --audit-level=high --dev
        continue-on-error: true

  test:
    needs: security
    runs-on: ubuntu-latest
    container:
      image: ${{ env.IMAGE }}

    steps:
      - uses: actions/checkout@v3

      - name: Prepare
        run: |
          pnpm install -g pnpm
          pnpm install -g @shipzone/npmci
          npmci npm prepare

      - name: Test stable
        run: |
          npmci node install stable
          npmci npm install
          npmci npm test

      - name: Test build
        run: |
          npmci npm prepare
          npmci node install stable
          npmci npm install
          npmci command npm run build