name: PR Check (SDD Contract Gate)

on:
  pull_request:
    branches: [ main ]
    paths:
      - '.gitea/workflows/**'
      - 'scripts/**'
      - 'spec/**'
      - 'src/**'

jobs:
  contract-level-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code (no GitHub dependency)
        shell: sh
        run: |
          set -eu

          # Try GITHUB_ vars first (Gitea usually provides these for compatibility)
          # Fallback to GITEA_ vars if GITHUB_ ones are empty
          SERVER_URL="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
          REPO_NAME="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
          COMMIT_SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"

          # If still empty, try to detect from environment
          if [ -z "$SERVER_URL" ] || [ -z "$REPO_NAME" ] || [ -z "$COMMIT_SHA" ]; then
            echo "Warning: Some standard env vars are missing. Printing environment for debugging (excluding secrets)..."
            env | grep -E "GITEA|GITHUB|CI" | sort
          fi

          # Final validation
          : "${SERVER_URL:?Could not determine SERVER_URL}"
          : "${REPO_NAME:?Could not determine REPO_NAME}"
          : "${COMMIT_SHA:?Could not determine COMMIT_SHA}"

          echo "Using SERVER_URL=$SERVER_URL"
          echo "Using REPO_NAME=$REPO_NAME"
          echo "Using COMMIT_SHA=$COMMIT_SHA"

          # Clone using the determined URL (assuming no auth required for internal runner or handled by runner)
          git clone "$SERVER_URL/$REPO_NAME.git" .
          git checkout "$COMMIT_SHA"

      - name: Run OpenAPI Contract Level Check
        env:
          # For PRs targeting main, enforce provider >= L2
          REQUIRE_PROVIDER_L2: "1"
        shell: sh
        run: |
          set -eu
          chmod +x scripts/check-openapi-level.sh
          ./scripts/check-openapi-level.sh

      - name: YAML Parse Check (Optional)
        shell: sh
        run: |
          set -eu
          if command -v python3 >/dev/null 2>&1; then
            python3 -c "import sys; print('python3:', sys.version.split()[0])"
            
            # Try to install pyyaml if missing
            if ! python3 -c "import yaml" 2>/dev/null; then
              echo "PyYAML missing, attempting to install..."
              python3 -m pip install pyyaml --user >/dev/null 2>&1 || true
            fi

            # Check again and run if available
            if python3 -c "import yaml" 2>/dev/null; then
              find spec -name "*.yaml" -o -name "*.yml" | xargs -I {} python3 -c "import yaml; yaml.safe_load(open('{}'))"
              echo "YAML check passed."
            else
              echo "PyYAML still missing; skipping YAML parse check."
            fi
          else
            echo "python3 not available; skip YAML parse check"
          fi