name: Deploy Guard

on:
  pull_request:
    branches: [main]

jobs:
  deploy-guard:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install test dependencies
        run: pip install pytest

      - name: Run deploy guard tests
        run: pytest tests/test_deploy_guard.py tests/test_sync_data.py -v -m "not live"

      - name: Validate sudoers syntax (Docker)
        run: |
          SUDOERS_FILES=$(find server/ -name 'sudoers-*' -type f)
          if [ -z "$SUDOERS_FILES" ]; then
            echo "No sudoers files found, skipping"
            exit 0
          fi
          docker run --rm -v "${{ github.workspace }}:/src:ro" -w /src ubuntu:24.04 \
            /bin/bash -c "apt-get update -qq && apt-get install -y -qq sudo >/dev/null 2>&1 && \
            find server/ -name 'sudoers-*' -exec visudo -cf {} \;"