name: PR Validation

on:
  pull_request:
    branches: [main]

jobs:
  validate:
    runs-on: ubuntu-latest
    timeout-minutes: 5

    steps:
      - name: Checkout
        run: |
          git clone --depth=1 "https://x-access-token:${{ secrets.GITEA_TOKEN }}@git.farh.net/${{ github.repository }}.git" .
          git fetch origin "${{ github.base_ref }}" --depth=1
          git fetch origin "${{ github.head_ref }}" --depth=1
          git checkout "${{ github.sha }}"

      - name: Install actionlint
        run: |
          ACTIONLINT_VERSION="1.7.7"
          mkdir -p "$HOME/.local/bin"
          apt-get install -y wget -qq >/dev/null 2>&1 || true
          wget -qO- "https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VERSION}/actionlint_${ACTIONLINT_VERSION}_linux_amd64.tar.gz" \
            | tar -xz -C "$HOME/.local/bin" actionlint
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"

      - name: Validate workflow YAML with actionlint
        run: actionlint -color .github/workflows/*.yaml

      - name: Install shellcheck
        run: |
          sudo apt-get update -qq && sudo apt-get install -y -qq shellcheck >/dev/null 2>&1

      - name: Shellcheck scripts
        run: |
          if ls .github/scripts/*.sh 1>/dev/null 2>&1; then
            for script in .github/scripts/*.sh; do
              echo "Checking ${script}..."
              shellcheck --severity=warning "$script"
            done
          else
            echo "No shell scripts to check"
          fi