# .woodpecker/ci.yml — Disinto CI pipeline
# Runs on every push and pull request.
#
# Steps:
#   1. shellcheck   — lint all .sh files (warnings+errors)
#   2. duplicate-detection — report copy-pasted code blocks (fails only on new duplicates for PRs)

when:
  event: [push, pull_request]

# Override default clone to authenticate against Forgejo using FORGE_TOKEN.
# Required because Forgejo is configured with REQUIRE_SIGN_IN, so anonymous
# git clones fail with exit code 128. FORGE_TOKEN is injected globally via
# WOODPECKER_ENVIRONMENT in docker-compose.yml (generated by lib/generators.sh).
clone:
  git:
    image: alpine/git
    commands:
      - AUTH_URL=$(printf '%s' "$CI_REPO_CLONE_URL" | sed "s|://|://token:$FORGE_TOKEN@|")
      - git clone --depth 1 "$AUTH_URL" .
      - git fetch --depth 1 origin "$CI_COMMIT_REF"
      - git checkout FETCH_HEAD

steps:
  - name: shellcheck
    image: koalaman/shellcheck-alpine:stable
    commands:
      - find . -name "*.sh" -not -path "./.git/*" -print0 | xargs -0 -r shellcheck --severity=warning

  - name: agent-smoke
    image: alpine:3
    when:
      event: pull_request
    commands:
      - apk add --no-cache bash
      - bash .woodpecker/agent-smoke.sh

  - name: duplicate-detection
    image: python:3-alpine
    commands:
      - apk add --no-cache git
      - python3 .woodpecker/detect-duplicates.py
    environment:
      DIFF_BASE: ${CI_COMMIT_TARGET_BRANCH}