name: PR Check

# Validates Rust + frontend on every PR opened against main.
# Goal: catch compile errors, type errors, and failing tests BEFORE merge,
# instead of waiting for the release tag (which is when release.yml runs).
#
# Trigger is `pull_request` only — the previous `push` trigger duplicated
# every run when a branch was pushed and immediately opened as a PR (#171).
# Trade-off: branches pushed without an open PR don't get CI feedback. Open
# a draft PR if you want feedback before requesting review.

on:
  pull_request:
    branches:
      - main

# Cancel obsolete runs (e.g. on force-push) so only the latest commit runs.
concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true

jobs:
  rust:
    runs-on: ubuntu
    container: ubuntu:22.04
    env:
      PATH: /root/.cargo/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      CARGO_TERM_COLOR: always
    steps:
      - name: Install system dependencies, Node.js and Rust
        run: |
          apt-get update
          apt-get install -y --no-install-recommends \
            curl wget git ca-certificates build-essential pkg-config \
            libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev libssl-dev \
            libdbus-1-dev
          # Node.js is required by actions/checkout and actions/cache (they
          # are JavaScript actions and need `node` in the container PATH).
          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
          apt-get install -y nodejs
          # Rust toolchain
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --profile minimal
          node --version
          rustc --version
          cargo --version

      - name: Checkout
        uses: https://github.com/actions/checkout@v4

      - name: Cache cargo registry and git
        uses: https://github.com/actions/cache@v4
        with:
          path: |
            ~/.cargo/registry
            ~/.cargo/git
          key: ${{ runner.os }}-cargo-registry-${{ hashFiles('src-tauri/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-registry-

      - name: Cache cargo build target
        uses: https://github.com/actions/cache@v4
        with:
          path: src-tauri/target
          key: ${{ runner.os }}-cargo-target-${{ hashFiles('src-tauri/Cargo.lock') }}
          restore-keys: |
            ${{ runner.os }}-cargo-target-

      - name: cargo check
        run: cargo check --manifest-path src-tauri/Cargo.toml --all-targets

      - name: cargo test
        run: cargo test --manifest-path src-tauri/Cargo.toml --all-targets

      # Informational audit of transitive dependencies. Failure does not
      # block the CI (advisories can appear on unrelated crates and stall
      # unrelated work); surface them in the job log so we see them on
      # every PR run and can react in a follow-up.
      - name: cargo audit
        continue-on-error: true
        run: |
          cargo install --locked cargo-audit || true
          cargo audit --file src-tauri/Cargo.lock || true

  frontend:
    runs-on: ubuntu
    container: ubuntu:22.04
    steps:
      - name: Install Node.js 20
        run: |
          apt-get update
          apt-get install -y --no-install-recommends curl ca-certificates git
          curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
          apt-get install -y nodejs
          node --version
          npm --version

      - name: Checkout
        uses: https://github.com/actions/checkout@v4

      - name: Cache npm cache
        uses: https://github.com/actions/cache@v4
        with:
          path: ~/.npm
          key: ${{ runner.os }}-npm-${{ hashFiles('package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-npm-

      - name: Install dependencies
        run: npm ci

      - name: Build (tsc + vite)
        run: npm run build

      - name: Tests (vitest)
        run: npm test