name: Policy Lint & Smoke

on:
  pull_request:
    paths:
      - 'docs/policy/**'
      - 'docs/examples/policies/**'
      - 'src/Cli/**'
      - '.gitea/workflows/policy-lint.yml'
  push:
    branches: [ main ]
    paths:
      - 'docs/policy/**'
      - 'docs/examples/policies/**'
      - 'src/Cli/**'
      - '.gitea/workflows/policy-lint.yml'

jobs:
  policy-lint:
    runs-on: ubuntu-22.04
    env:
      DOTNET_NOLOGO: 1
      DOTNET_CLI_TELEMETRY_OPTOUT: 1
      DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
      TZ: UTC
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Task Pack offline bundle fixtures
        run: python3 scripts/packs/run-fixtures-check.sh
        with:
          fetch-depth: 0

      - name: Setup .NET 10 RC
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 10.0.100
          include-prerelease: true

      - name: Cache NuGet packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.nuget/packages
            local-nugets/packages
          key: policy-lint-nuget-${{ runner.os }}-${{ hashFiles('**/*.csproj') }}

      - name: Restore CLI
        run: |
          dotnet restore src/Cli/StellaOps.Cli/StellaOps.Cli.csproj --configfile nuget.config

      - name: Lint policies (deterministic)
        run: |
          mkdir -p out/policy-lint
          dotnet run --project src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -- \
            policy lint docs/examples/policies/*.stella \
            --format json --no-color \
            > out/policy-lint/lint.json

      - name: Smoke simulate entrypoint
        run: |
          dotnet run --project src/Cli/StellaOps.Cli/StellaOps.Cli.csproj -- policy simulate --help > out/policy-lint/simulate-help.txt

      - name: Upload lint artifacts
        uses: actions/upload-artifact@v4
        with:
          name: policy-lint
          path: out/policy-lint
          retention-days: 7