# Keep workflow name stable.
# Branch protection and external CI references rely on:
# - CI / verify (push)
# - CI / verify (pull_request)
name: CI

on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  verify:
    # Keep job id stable. Renaming it changes the status context.
    runs-on: ubuntu-latest
    env:
      WORKSPACE_DIR: ${{ github.workspace }}/repo
      REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
      REPO_SHA: ${{ github.sha }}
    steps:
      - name: Checkout repository
        run: |
          rm -rf "$WORKSPACE_DIR"
          git clone --depth 1 "$REPO_URL" "$WORKSPACE_DIR"
          cd "$WORKSPACE_DIR"
          git fetch --depth 1 origin "$REPO_SHA"
          git checkout "$REPO_SHA"

      - name: Verify Go toolchain
        run: |
          cd "$WORKSPACE_DIR"
          go version
          pwd
          test -f go.mod

      - name: Verify formatting
        run: |
          cd "$WORKSPACE_DIR"
          gofmt -w $(find . -name '*.go' -not -path './vendor/*')
          git diff --exit-code

      - name: Run unit and integration tests
        run: |
          cd "$WORKSPACE_DIR"
          go test ./... -count=1 -p 1

      - name: Run race tests
        run: |
          cd "$WORKSPACE_DIR"
          go test -race ./... -p 1

      - name: Run vet
        run: |
          cd "$WORKSPACE_DIR"
          go vet ./...

      - name: Check Gate scripts syntax
        run: |
          cd "$WORKSPACE_DIR"
          bash -n scripts/verify_preprod_gate_b.sh
          bash -n scripts/verify_gate_c_rollback.sh