name: ci

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.13'
      - run: pip install pyyaml ruff pytest
      - run: ruff check src/ tests/
      - run: PYTHONPATH=src pytest tests/ -v

  secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: |
          curl -sSfL https://github.com/gitleaks/gitleaks/releases/latest/download/gitleaks_8.24.0_linux_x64.tar.gz \
            | tar xz -C /usr/local/bin gitleaks
      - run: gitleaks detect --source . -v

  build:
    needs: [test, secrets]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          docker login harbor.mymx.me \
            -u "${{ secrets.HARBOR_USER }}" \
            -p "${{ secrets.HARBOR_PASS }}"
      - run: |
          docker build \
            -t harbor.mymx.me/s5p/s5p:latest \
            -f Containerfile .
      - run: docker push harbor.mymx.me/s5p/s5p:latest