# Woodpecker CI Pipeline
# Equivalent to GitHub Actions CI workflow
# Generated by dev-system/ci

when:
  event: [push, pull_request, manual]
  branch:
    - main
    - develop

steps:
  # === LINTING ===

  lint-rust:
    image: rust:latest
    commands:
      - curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/local/bin
      - rustup component add clippy
      - cargo fmt --all -- --check
      - cargo clippy --all-targets -- -D warnings

  lint-bash:
    image: koalaman/shellcheck-alpine:stable
    commands:
      - apk add --no-cache curl bash
      - find . -name '*.sh' -type f ! -path './target/*' -exec shellcheck {} +

  lint-nickel:
    image: rust:latest
    commands:
      - cargo install nickel-lang-cli --locked
      - find . -name '*.ncl' -type f ! -path './target/*' -exec nickel typecheck {} \;

  lint-nushell:
    image: rust:latest
    commands:
      - cargo install nu --locked
      - find . -name '*.nu' -type f ! -path './target/*' -exec nu --ide-check 100 {} \;

  lint-markdown:
    image: node:alpine
    commands:
      - npm install -g markdownlint-cli2
      - markdownlint-cli2 '**/*.md' '#node_modules' '#target'

  # === TESTING ===

  test:
    image: rust:latest
    commands:
      - cargo test --workspace --all-features
    depends_on:
      - lint-rust
      - lint-bash
      - lint-nickel
      - lint-nushell
      - lint-markdown

  # === BUILD ===

  build:
    image: rust:latest
    commands:
      - cargo build --release
    depends_on:
      - test

  # === SECURITY ===

  security-audit:
    image: rust:latest
    commands:
      - cargo install cargo-audit --locked
      - cargo audit --deny warnings
    depends_on:
      - lint-rust

  license-check:
    image: rust:latest
    commands:
      - cargo install cargo-deny --locked
      - cargo deny check licenses advisories
    depends_on:
      - lint-rust