# The CI gate. Runs inside the prebuilt nix toolchain image (built + pushed by
# build-ci-image.yaml), so the pinned 1.95.0 toolchain is already warm — steps
# just enter the flake devShell and run cargo.
#
# Gate = clippy + test. fmt is deliberately NOT gated yet (ADR-ci-002: the tree
# isn't clean under stock rustfmt; revisit on main). The release job (static
# binary for D2) and the platform matrix layer on later, step by step.
name: ci
on:
  push:
    # Branch pushes only — a tag push hits the same commit the branch push
    # already gated, so `branches: ['**']` drops the redundant tag-triggered
    # run (the release workflow owns tags). Pushing commits + a tag together
    # still gates the commits via the branch push.
    branches: ['**']
    # Skip the gate for changes that can't affect clippy/test — docs, markdown,
    # and the website subproject (it has its own workflow, website.yaml, that
    # builds + publishes it). A push touching crate code *and* these still runs
    # (paths-ignore only skips when *all* changed files match).
    # Note: flake/toolchain changes are NOT ignored — they can shift the
    # toolchain and thus lint/test outcomes.
    paths-ignore:
      - 'docs/**'
      - '**/*.md'
      - 'website/**'
      - '.gitea/workflows/website.yaml'
  pull_request:
    paths-ignore:
      - 'docs/**'
      - '**/*.md'
      - 'website/**'
      - '.gitea/workflows/website.yaml'

jobs:
  gate:
    runs-on: ci-public
    # Public package → anonymous pull, no credentials needed.
    container:
      image: git.lazyeval.net/oli/rdbms-playground-ci:latest
    steps:
      - uses: actions/checkout@v4
      - name: clippy (warnings denied)
        run: nix develop -c cargo clippy --all-targets -- -D warnings
      - name: test
        run: nix develop -c cargo test --no-fail-fast