name: CI

on:
  push:

jobs:
  test:
    runs-on: docker

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install system dependencies
        run: |
          apt-get update
          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
            pipx

      - name: Install cspresso
        run: |
          pipx install cspresso

      - name: Run cspresso
        run: |
           pipx ensurepath
           . ~/.bashrc
           cspresso https://cspresso.cafe \
             --with-deps \
             --bypass-csp \
             --ignore-non-html \
             --evaluate "base-uri 'self'; default-src 'self'; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'sha256-KrOywPyWP6lMUTRY11kMJQgQms5hqupf9gBFY8o8h/c=' 'sha256-QuPEWNp+rjVYSLUmS8MFUfVHy/Fh3081C+aZBHEczfA=' 'sha256-VUdRP0U3M75/QOdJSB5Paq5D84MZDuIdZAGrzGZgCHg=' 'unsafe-hashes' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'sha256-KrOywPyWP6lMUTRY11kMJQgQms5hqupf9gBFY8o8h/c=' 'sha256-QuPEWNp+rjVYSLUmS8MFUfVHy/Fh3081C+aZBHEczfA=' 'sha256-VUdRP0U3M75/QOdJSB5Paq5D84MZDuIdZAGrzGZgCHg=' 'unsafe-hashes';" \
             --json

      # Notify if any previous step in this job failed
      - name: Notify on failure
        if: ${{ failure() }}
        env:
          WEBHOOK_URL: ${{ secrets.NODERED_WEBHOOK_URL }}
          REPOSITORY: ${{ forgejo.repository }}
          RUN_NUMBER: ${{ forgejo.run_number }}
          SERVER_URL: ${{ forgejo.server_url }}
        run: |
          curl -X POST \
               -H "Content-Type: application/json" \
               -d "{\"repository\":\"$REPOSITORY\",\"run_number\":\"$RUN_NUMBER\",\"status\":\"failure\",\"url\":\"$SERVER_URL/$REPOSITORY/actions/runs/$RUN_NUMBER\"}" \
               "$WEBHOOK_URL"