name: Skills Registry CI

permissions:
  contents: write

on:
  push:
    branches: ["main", "feat/*"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:

jobs:
  validate-and-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10"

      - name: Install dependencies
        run: |
          pip install pyyaml

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "lts/*"

      - name: Install npm dependencies
        run: npm ci

      - name: Verify directory structure
        run: |
          test -d skills/
          test -d apps/web-app/
          test -d tools/scripts/
          test -d tools/lib/
          test -f README.md
          test -f CONTRIBUTING.md

      - name: 🔍 Validate Skills (Soft Mode)
        run: |
          npm run validate

      - name: 🔗 Validate References
        run: |
          npm run validate:references

      - name: 🏗️ Generate Index
        run: |
          npm run index

      - name: 📝 Update README
        run: |
          npm run readme

      - name: Audit npm dependencies
        run: npm audit --audit-level=high
        continue-on-error: true

      - name: Run tests
        env:
          ENABLE_NETWORK_TESTS: "1"
        run: npm run test

      - name: 📦 Build catalog
        run: npm run catalog

      - name: Set up GitHub credentials (for auto-sync)
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          git remote set-url origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git

      - name: Auto-commit registry drift (main only)
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          # If no changes, exit successfully
          git diff --quiet && exit 0

          # Pull with rebase to integrate remote changes
          git pull origin main --rebase || true

          git add README.md skills_index.json data/skills_index.json data/catalog.json data/bundles.json data/aliases.json CATALOG.md || true

          # If nothing to commit, exit successfully
          git diff --cached --quiet && exit 0

          git commit -m "chore: sync generated registry files [ci skip]"
          git push origin HEAD

      - name: 🚨 Check for Uncommitted Drift
        run: |
          if ! git diff --quiet; then
            echo "❌ Detected uncommitted changes produced by registry/readme/catalog scripts."
            echo
            echo "To fix locally, run the FULL Validation Chain, then commit and push:"
            echo "  npm run chain"
            echo "  npm run catalog"
            echo "  git add README.md skills_index.json data/skills_index.json data/catalog.json data/bundles.json data/aliases.json CATALOG.md"
            echo "  git commit -m \"chore: sync generated registry files\""
            echo "  git push"
            exit 1
          fi