name: Node CI

on:
  workflow_call:
    inputs:
      node_version:
        type: string
        default: "20"
      pnpm_version:
        type: string
        default: "10.23.0"
      working_directory:
        type: string
        default: "."
      cache_dependency_path:
        type: string
        default: "pnpm-lock.yaml"
      env:
        description: >
          Multiline env vars, one per line: KEY=VALUE
        required: false
        type: string
        default: ""
      format_command:
        type: string
        default: "pnpm format:check"
      lint_command:
        type: string
        default: "pnpm lint"
      typecheck_command:
        type: string
        default: "pnpm typecheck"
      test_command:
        type: string
        default: "pnpm test"
    secrets:
      ssh_private_key:
        required: false
      ssh_known_hosts:
        required: false

jobs:
  quality:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout source
        uses: actions/checkout@v4

      - name: Load env vars
        if: ${{ inputs.env != '' }}
        run: |
          while IFS= read -r line; do
            [ -z "$line" ] && continue
            case "$line" in \#*) continue;; esac
            if [[ "$line" != *=* ]]; then
              echo "Invalid env line: $line" >&2
              exit 1
            fi
            echo "$line" >> "$GITHUB_ENV"
          done <<< "${{ inputs.env }}"

      - name: Start ssh-agent
        if: ${{ secrets.ssh_private_key != '' }}
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.ssh_private_key }}

      - name: Add SSH known hosts
        if: ${{ secrets.ssh_known_hosts != '' }}
        run: |
          mkdir -p ~/.ssh
          printf '%s\n' "${{ secrets.ssh_known_hosts }}" >> ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: ${{ inputs.node_version }}
          cache: pnpm
          cache-dependency-path: ${{ inputs.cache_dependency_path }}

      - name: Enable corepack
        run: corepack enable
        working-directory: ${{ inputs.working_directory }}

      - name: Install pnpm
        run: corepack prepare pnpm@${{ inputs.pnpm_version }} --activate
        working-directory: ${{ inputs.working_directory }}

      - name: Install dependencies
        run: pnpm install --frozen-lockfile
        working-directory: ${{ inputs.working_directory }}

      - name: Run format check
        if: ${{ inputs.format_command != '' }}
        run: ${{ inputs.format_command }}
        working-directory: ${{ inputs.working_directory }}

      - name: Run lint
        if: ${{ inputs.lint_command != '' }}
        run: ${{ inputs.lint_command }}
        working-directory: ${{ inputs.working_directory }}

      - name: Run typecheck
        if: ${{ inputs.typecheck_command != '' }}
        run: ${{ inputs.typecheck_command }}
        working-directory: ${{ inputs.working_directory }}

      - name: Run tests
        if: ${{ inputs.test_command != '' }}
        run: ${{ inputs.test_command }}
        working-directory: ${{ inputs.working_directory }}