name: super-api-embed

on: [push]

jobs:
  dependencies:
    name: 📦 Dependencies
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci

  lint:
    name: ⬣ ESLint
    runs-on: ubuntu-latest
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: ⬣ ESLint
        run: npm run lint:check

  audit:
    name: 🛡️ Audit
    runs-on: ubuntu-latest
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - name: 🛡️ Audit
        run: npm audit --audit-level=high --omit=dev

  format:
    name: 🔬 Format
    runs-on: ubuntu-latest
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: 🔬 Format
        run: npm run format:check

  spell:
    name: 🈸 Spellcheck
    runs-on: ubuntu-latest
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: 🈸 Spellcheck
        run: npm run spell:check

  type:
    name: ʦ Typecheck
    runs-on: ubuntu-latest
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: ʦ Typecheck
        run: npm run type:check

  test:
    name: ⚡ Tests
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [22.x, 23.x, 24.x, 25.x]
    needs: [dependencies]
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: ⚡ Tests
        run: npm run test:coverage

  build-and-release:
    name: 🚀 Build & release
    needs: [lint, audit, format, spell, type, test]
    permissions:
      contents: write
      id-token: write # Enables use of OIDC for trusted publishing and npm provenance
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: package.json
          cache: "npm"
      - run: npm ci
      - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
        run: npm audit signatures
      - name: 🔨 Build
        run: npm run build
      - name: 🚀 Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: npm run semantic-release