name: CI
on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 25

      - name: Install pnpm
        run: corepack enable && corepack prepare pnpm@10 --activate

      - name: Install dependencies
        run: pnpm install --frozen-lockfile

      - name: Lint
        run: pnpm lint
      - name: Type Check
        run: pnpm typecheck
      - name: Format Check
        run: pnpm format:check
      - name: Test
        run: pnpm test
      - name: Build
        run: pnpm build

  security:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript
      - uses: github/codeql-action/analyze@v3