name: ci

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.13'
      - run: pip install pyyaml ruff pytest
      - run: ruff check src/ tests/
      - run: PYTHONPATH=src pytest tests/ -v

  secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: |
          docker run --rm \
            -v "$PWD:/scan:ro" \
            ghcr.io/gitleaks/gitleaks:latest \
            detect --source /scan -v

  build:
    needs: [test, secrets]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "${{ secrets.HARBOR_PASS }}" | docker login harbor.mymx.me -u "${{ secrets.HARBOR_USER }}" --password-stdin
      - run: |
          docker build \
            -t harbor.mymx.me/s5p/s5p:latest \
            -f Containerfile .
      - run: docker push harbor.mymx.me/s5p/s5p:latest