name: Guardrails

on:
  pull_request:
  push:

jobs:
  repository-guardrails:
    runs-on: ubuntu-latest

    steps:
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "22"

      - name: Set up pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9.12.3

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Compute git range
        id: git_range
        shell: bash
        run: |
          if [ "${GITHUB_EVENT_NAME}" = "pull_request" ]; then
            RANGE="${{ github.event.pull_request.base.sha }}..${{ github.sha }}"
          elif [ "${{ github.event.before }}" != "0000000000000000000000000000000000000000" ]; then
            RANGE="${{ github.event.before }}..${{ github.sha }}"
          else
            RANGE="${{ github.sha }}"
          fi
          echo "range=${RANGE}" >> "$GITHUB_OUTPUT"

      - name: Validate commit messages
        run: |
          python3 scripts/check_commit_message.py --rev-range "${{ steps.git_range.outputs.range }}"

      - name: Validate design and code sync
        run: |
          python3 scripts/check_doc_code_sync.py . --rev-range "${{ steps.git_range.outputs.range }}" --strict

      - name: Run repository tests
        run: |
          make test