name: Codex Template Compliance

on:
  push:
    branches:
      - main
      - master
  pull_request:
  workflow_dispatch:

jobs:
  template-compliance:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Check required Codex files
        shell: bash
        run: |
          missing=0

          required_files=(
            "AGENTS.md"
            ".codex/project.md"
            "README.md"
          )

          recommended_files=(
            "SECURITY.md"
            "CHANGELOG.md"
            "docs/agent-handoff.md"
          )

          for file in "${required_files[@]}"; do
            if [ ! -f "$file" ]; then
              echo "Missing required Codex file: $file"
              missing=1
            fi
          done

          for file in "${recommended_files[@]}"; do
            if [ ! -f "$file" ]; then
              echo "Recommended Codex file not found: $file"
            fi
          done

          if [ "$missing" -eq 1 ]; then
            exit 1
          fi

      - name: Check unresolved placeholders
        shell: bash
        run: |
          found=0
          paths=(AGENTS.md README.md SECURITY.md CHANGELOG.md .codex docs .gitea blueprint.md blueprint.json)
          pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|AUTHOR_NAME|PROJECT_STACK|DOWNLOAD_URL|CI_URL|RELEASES_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|README_COMMAND|INSTALL_COMMAND|DEV_COMMAND|PACKAGE_MANAGER|PROJECT_VERSION|COMMIT_OR_VERSION'

          for path in "${paths[@]}"; do
            [ -e "$path" ] || continue
            if grep -RInE --exclude-dir=.git --exclude=release-dry-run.yml --exclude=template-compliance.yml "$pattern" "$path"; then
              found=1
            fi
          done

          if [ "$found" -eq 1 ]; then
            echo "Unresolved template placeholders found. Replace real values or mark genuinely unknown values as PENDING."
            exit 1
          fi

      - name: Check workflow baseline
        shell: bash
        run: |
          echo "Detected Gitea workflows:"
          find .gitea/workflows -maxdepth 1 -type f -name '*.yml' -print 2>/dev/null || true

          if [ ! -f ".gitea/workflows/security-scan.yml" ]; then
            echo "Recommended workflow missing: .gitea/workflows/security-scan.yml"
          fi

          if [ ! -f ".gitea/workflows/repo-cleanup.yml" ]; then
            echo "Recommended workflow missing: .gitea/workflows/repo-cleanup.yml"
          fi

      - name: Compliance guidance
        shell: bash
        run: |
          cat <<'EOF'
          Codex template compliance check completed.

          This workflow verifies agent context and template hygiene. It does
          not change files automatically.

          Recommended manual follow-up:
          - add missing required Codex context files,
          - replace unresolved placeholders,
          - keep README and project context aligned,
          - document intentional exceptions in .codex/project.md.
          EOF