archicratie-edition/.gitea/workflows/ci.yml

name: CI

on:
  push:
  pull_request:
    branches: ["master"]

env:
  NODE_OPTIONS: --dns-result-order=ipv4first

defaults:
  run:
    shell: bash

jobs:
  build-and-anchors:
    runs-on: ubuntu-latest
    container:
      image: mcr.microsoft.com/devcontainers/javascript-node:20-bookworm

    steps:
      - name: Tools sanity
        run: |
          set -euo pipefail
          git --version
          node --version
          npm --version
          npm ping --registry=https://registry.npmjs.org

      # Checkout SANS action externe (pas de github.com)
      - name: Checkout (from Gitea, no external actions)
        run: |
          set -euo pipefail

          echo "GITEA_SERVER_URL=${GITEA_SERVER_URL:-}"
          echo "GITEA_REPOSITORY=${GITEA_REPOSITORY:-}"
          echo "GITEA_SHA=${GITEA_SHA:-}"
          echo "GITEA_REF=${GITEA_REF:-}"

          # On nettoie l'espace de travail (au cas où)
          rm -rf .git || true

          # URL du repo
          REPO_URL="${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git"

          # Auth via token si présent (Gitea fournit généralement GITEA_TOKEN)
          if [ -n "${GITEA_TOKEN:-}" ]; then
            AUTH_URL="$(echo "$REPO_URL" | sed "s#^https://#https://oauth2:${GITEA_TOKEN}@#")"
          else
            AUTH_URL="$REPO_URL"
          fi

          git init .
          git remote add origin "$AUTH_URL"

          # On récupère exactement le commit du run
          if [ -n "${GITEA_SHA:-}" ]; then
            git fetch --depth=1 origin "$GITEA_SHA"
            git checkout -q FETCH_HEAD
          else
            # fallback si SHA absent
            git fetch --depth=1 origin "${GITEA_REF:-master}"
            git checkout -q FETCH_HEAD
          fi

          git log -1 --oneline

      - name: NPM harden
        run: |
          set -euo pipefail
          npm config set fetch-retries 5
          npm config set fetch-retry-mintimeout 20000
          npm config set fetch-retry-maxtimeout 120000
          npm config set registry https://registry.npmjs.org
          npm config get registry

      - name: Install deps
        run: npm ci

      - name: Inline scripts syntax check
        run: node scripts/check-inline-js.mjs

      - name: Build
        run: npm run build

      - name: Anchors contract
        run: npm run test:anchors