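# Nomarchy CI — eval + lint.
#
# Catches the regressions that hurt today:
#   1. Flake stops evaluating (broken option ref, missing import, etc.).
#   2. A `nomarchy-*` shell script has a syntax error or a shellcheck
#      error-severity issue.
#   3. `docs/SCRIPTS.md` drifts from the repo state because somebody
#      added / removed / renamed a script and didn't run the generator
#      (the pre-commit hook handles this, but only when enabled per-clone).
#
# Doesn't build ISOs — that needs a binary cache. Add a separate job
# once Cachix/Attic is in place.

name: Check

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for GITHUB_TOKEN: every step below only reads the tree.
# Without this block the token gets the repository/organisation default,
# which may include write scopes on push events.
permissions:
  contents: read

jobs:
  eval-and-lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): `v4` is a movable tag. Pinning to a full commit SHA
        # (`actions/checkout@<FULL_COMMIT_SHA> # v4.x.y`) makes the executed
        # code immutable.
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where the scripts executed below could read it.
          persist-credentials: false

      - name: Install Nix
        # NOTE(review): `@main` is a mutable branch ref on a third-party
        # action, so whatever lands on that branch runs in this job with no
        # review on our side. Pin to a full commit SHA
        # (`@<FULL_COMMIT_SHA> # <release tag>`) and let Dependabot/Renovate
        # propose the bumps.
        uses: DeterminateSystems/nix-installer-action@main
        with:
          # Match the runner's effective channel. Nomarchy itself tracks
          # nixos-25.11 via flake.nix; the installer-action default is fine.
          extra-conf: |
            experimental-features = nix-command flakes

      - name: nix flake check --no-build
        run: nix flake check --no-build

      - name: Lint nomarchy-* scripts (bash -n + shellcheck)
        run: |
          # Mirror what .githooks/pre-commit runs locally, but across the
          # whole tree instead of just changed files. Pre-commit gates
          # individual commits; CI gates branches (including --no-verify
          # bypasses).
          set -e
          fail=0
          checked=0
          while IFS= read -r script; do
            [[ -f "$script" ]] || continue
            # Python helpers ship under the same nomarchy- prefix
            # (e.g. nomarchy-haptic-touchpad). Skip non-bash.
            head -1 "$script" | grep -qE '^#!.*\bbash\b' || continue
            checked=$((checked + 1))
            if ! bash -n "$script"; then
              echo "::error file=$script::bash syntax error"
              fail=1
            fi
            # NOTE(review): `nixpkgs#shellcheck` is resolved through the flake
            # registry, not this repo's flake.lock, so the shellcheck version
            # presumably floats between runs — confirm, and consider taking it
            # from the locked nixpkgs input instead.
            if ! nix shell nixpkgs#shellcheck --command shellcheck \
                 --severity=error --shell=bash "$script"; then
              echo "::error file=$script::shellcheck error-severity issue"
              fail=1
            fi
          done < <(find features/scripts/utils core/system/scripts \
                     themes/engine/scripts \
                     -maxdepth 1 -type f -name 'nomarchy-*')
          # find's exit status is lost inside the process substitution, so a
          # renamed or missing directory would make this gate pass without
          # checking anything. Surface that case instead of failing open
          # silently.
          if [[ "$checked" -eq 0 ]]; then
            echo "::warning::no nomarchy-* bash scripts were linted; check the search paths"
          fi
          exit "$fail"

      - name: docs/SCRIPTS.md is up to date
        run: |
          # Regenerate to a temp file and compare. If different, the
          # contributor forgot to run the generator (or skipped the
          # pre-commit hook). Fail loudly and tell them the fix.
          #
          # Write under RUNNER_TEMP (per-job, cleaned by the runner) rather
          # than a fixed name in world-writable /tmp, which matters if this
          # ever runs on a shared or self-hosted runner.
          regen="${RUNNER_TEMP}/SCRIPTS.regen.md"
          ./bin/utils/nomarchy-docs-scripts --out "$regen"
          if ! diff -q docs/SCRIPTS.md "$regen" >/dev/null; then
            echo "::error::docs/SCRIPTS.md is stale."
            echo "Run: ./bin/utils/nomarchy-docs-scripts --out docs/SCRIPTS.md"
            echo "Then commit the regenerated file."
            echo "--- diff ---"
            diff -u docs/SCRIPTS.md "$regen" || true
            exit 1
          fi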