name: Continuous Integration

on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - main
      - 'releases/*'

permissions: {}

jobs:
  test-typescript:
    name: TypeScript Tests
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Setup Node.js
        id: setup-node
        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: .node-version
          cache: npm

      - name: Install Dependencies
        id: npm-ci
        run: npm ci

      - name: Check Format
        id: npm-format-check
        run: npm run format:check

      - name: Lint
        id: npm-lint
        run: npm run lint

      - name: Test
        id: npm-ci-test
        run: npm run ci-test

  test-attest-provenance:
    name: Test attest-provenance action
    runs-on: ubuntu-latest
    permissions:
      attestations: write
      contents: read
      id-token: write

    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Run attest-provenance
        id: attest-provenance
        uses: ./
        env:
          INPUT_PRIVATE-SIGNING: 'true'
        with:
          subject-digest: 'sha256:7d070f6b64d9bcc530fe99cc21eaaa4b3c364e0b2d367d7735671fa202a03b32'
          subject-name: 'subject'
          github-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Dump output
        run: jq < ${{ steps.attest-provenance.outputs.bundle-path }}