name: CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate JSON files
        run: |
          set -e
          for f in $(find . -name '*.json' -not -path './node_modules/*'); do
            echo "Validating $f"
            python3 -m json.tool "$f" > /dev/null
          done

      - name: Validate apps/ (manifest schema + compose shape)
        run: python3 scripts/validate-catalog.py

  shellcheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install shellcheck
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends shellcheck
      - name: Run shellcheck
        run: |
          set -e
          shellcheck scripts/*.sh
          # App dependency hooks (apps/*/scripts/*.sh) run inside provider
          # containers — lint them too. The glob may match nothing, so guard it.
          hooks=$(find apps -path 'apps/*/scripts/*.sh' 2>/dev/null || true)
          if [ -n "$hooks" ]; then
            echo "$hooks" | xargs shellcheck
          fi