name: subscriptions

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  test:
    if: gitea.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - uses: actions/setup-go@v6
        with:
          go-version: 'stable'
      - name: Format check
        run: |
          go install mvdan.cc/gofumpt@latest
          test -z "$(gofumpt -l .)"
      - name: Run tests
        run: go test -race -coverprofile=coverage.txt ./...

      - name: Filter test files from coverage
        run: |
          grep -v -E '_test\.go:' coverage.txt > coverage.filtered.txt || true
          mv coverage.filtered.txt coverage.txt

      - name: Check coverage
        id: coverage
        run: |
          go install github.com/vladopajic/go-test-coverage/v2@latest
          go-test-coverage --config ./.testcoverage.yml --github-action-output
      - name: Restore baseline coverage
        uses: actions/cache/restore@v5
        with:
          path: coverage-baseline.txt
          key: coverage-baseline-${{ gitea.run_id }}
          restore-keys: |
            coverage-baseline-
      - name: Compare coverage
        run: |
          CURRENT="${{ steps.coverage.outputs.total-coverage }}"
          if [ -f coverage-baseline.txt ]; then
            BASE=$(cat coverage-baseline.txt)
            echo "Base coverage: ${BASE}%"
            echo "Current coverage: ${CURRENT}%"
            if [ "$(echo "$CURRENT < $BASE" | bc -l)" -eq 1 ]; then
              echo "::error::Coverage decreased from ${BASE}% to ${CURRENT}%"
              exit 1
            fi
            echo "Coverage maintained or improved: ${BASE}% -> ${CURRENT}%"
          else
            echo "No baseline coverage found yet, skipping comparison"
            echo "Current coverage: ${CURRENT}%"
          fi
      - name: Post coverage comment
        env:
          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
          GITEA_URL: ${{ gitea.server_url }}
        run: |
          COVERAGE="${{ steps.coverage.outputs.total-coverage }}"
          curl -X POST "${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{\"body\": \"## Coverage Report\n\nTotal coverage: **${COVERAGE}%**\"}"

  coverage-baseline:
    # Records main's coverage into the Actions cache for the next PR's
    # regression gate to read. Post-merge only, not a required check, blocks
    # nothing (cf. ADR-0010).
    if: gitea.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - uses: actions/setup-go@v6
        with:
          go-version: 'stable'
      - name: Compute coverage
        id: coverage
        run: |
          go install github.com/vladopajic/go-test-coverage/v2@latest
          go test -coverprofile=coverage.txt ./...
          grep -v -E '_test\.go:' coverage.txt > coverage.filtered.txt || true
          mv coverage.filtered.txt coverage.txt
          go-test-coverage --config ./.testcoverage.yml --github-action-output
      - name: Write baseline file
        run: echo "${{ steps.coverage.outputs.total-coverage }}" > coverage-baseline.txt
      - name: Save baseline to cache
        uses: actions/cache/save@v5
        with:
          path: coverage-baseline.txt
          key: coverage-baseline-${{ gitea.run_id }}

  vulnerabilities:
    if: gitea.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v7
      - uses: actions/setup-go@v6
        with:
          go-version: 'stable'
      - name: Check vulnerabilities
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...