name: CI
on:
  pull_request:
  push:
env:
  DATABASE_URL: postgresql://georm:georm@postgres:5432/georm

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'ref/heads/master' }}

jobs:
  tests:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:js-latest
      options: --security-opt seccomp=unconfined
    permissions:
      pull-requests: write
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_PASSWORD: georm
          POSTGRES_USER: georm
          POSTGRES_DB: georm
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 10s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v31
      - name: Install devenv
        run: nix profile install nixpkgs#devenv
      - name: Migrate database
        run: devenv shell just migrate
      - name: Formatting check
        run: devenv shell just format-check
      - name: Lint
        run: devenv shell just lint
      - name: Audit
        run: devenv shell just audit
      - name: Tests
        run: devenv shell just test