# Example: run audit-trace in GitHub Actions
#
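# Install the CLI in your workflow (pick one):
# - npm install -g audit-trace  (after publishing to npm)
# - npm ci && npm install ../path-to/audit-trace, then use node_modules/.bin/audit-trace
# - check out this repo, then npm ci && npm run build && node dist/cli.js ...
#
# The report step below only looks for `audit-trace` on PATH, so with the last
# two options either add the binary's directory to PATH or call it by path.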

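name: audit-trace-example

# Manual trigger only.
on:
  workflow_dispatch: {}

# Least privilege: nothing in this job writes to the repository, so the
# workflow token is limited to reading its contents.
permissions:
  contents: read

jobs:
  deps:
    runs-on: ubuntu-latest
    steps:
      # Supply chain: tags such as v4 are mutable. For a hardened pipeline, pin
      # each action to a full commit SHA that you have reviewed.
      - uses: actions/checkout@v4
        with:
          # Later steps run third-party code (npm lifecycle scripts), so do not
          # leave the workflow token in the local git config.
          persist-credentials: false
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      # npm ci executes dependency lifecycle scripts before the audit has
      # looked at them; consider `npm ci --ignore-scripts` if the project
      # installs correctly without them.
      - run: npm ci
      - name: audit-trace report
        run: |
          # Without pipefail the step's status is tee's, so a non-zero exit
          # from `--fail-on high` would be masked and the gate would never fail.
          set -eo pipefail
          # Fail closed: a missing scanner must not look like a clean audit.
          if ! command -v audit-trace >/dev/null 2>&1; then
            echo "::error::Install audit-trace first; see examples/github-actions/ci.yml header."
            exit 1
          fi
          audit-trace report --ci --json --fail-on high | tee audit-trace-report.json
      - name: Job summary from diagnostics
        # always(): publish the summary even when the report step failed the job.
        if: always() && hashFiles('audit-trace-report.json') != ''
        run: |
          echo "## audit-trace" >> "$GITHUB_STEP_SUMMARY"
          # Best effort: a malformed or empty report must not change the job
          # result, hence `|| true`.
          # NOTE(review): d.code and d.message are written to the summary as
          # unescaped Markdown; if they can carry text taken from package
          # metadata, escape them before rendering.
          node -e "const r=require('./audit-trace-report.json');(r.diagnostics||[]).forEach(d=>console.log('- **'+d.code+'**: '+d.message));" >> "$GITHUB_STEP_SUMMARY" || true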
