name: CI

on:
  pull_request:
  push:
    branches:
      - main

jobs:
  verify:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: 10.0.x

      - name: Restore
        run: dotnet restore CBDDC.slnx

      - name: Build (Warnings as Errors)
        run: dotnet build CBDDC.slnx --no-restore -warnaserror

      - name: Test
        run: dotnet test CBDDC.slnx --no-build

      - name: Format Check
        run: dotnet format CBDDC.slnx --verify-no-changes

      - name: Vulnerability Audit
        shell: bash
        run: |
          dotnet package list --project CBDDC.slnx --include-transitive --vulnerable --format json > vuln.json
          if grep -q '"severity"' vuln.json; then
            echo "Vulnerable packages detected."
            cat vuln.json
            exit 1
          fi

      - name: Deprecation Audit
        shell: bash
        run: |
          dotnet package list --project CBDDC.slnx --deprecated > deprecated.txt
          if grep -q "has the following deprecated packages" deprecated.txt; then
            echo "Deprecated packages detected."
            cat deprecated.txt
            exit 1
          fi