1on:
 2  pull_request:
 3    branches:
 4      - main
 5
 6jobs:
 7  CI:
 8    runs-on: ubuntu-latest
 9
10    permissions:
11      contents: read
12      pull-requests: write
13
14    steps:
15      - uses: actions/checkout@v6.0.2
16        with:
17          persist-credentials: false
18      - name: Validate CUE schemas
19        uses: ./.github/actions/validate-cue
20      - name: Validate the security-insights file
21        run: make lintinsights
22      - name: Setup Go
23        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
24        with:
25          go-version: stable
26      - name: Run Schema Test
27        run: make test
28
29  check-generated-content:
30    runs-on: ubuntu-latest
31
32    permissions:
33      contents: read
34
35    steps:
36      - uses: actions/checkout@v6.0.2
37        with:
38          persist-credentials: false
39          fetch-depth: 0
40
41      - name: Setup Go
42        uses: actions/setup-go@v6
43        with:
44          go-version: stable
45
46      - name: Check for committed generated content
47        run: |
48          echo "Checking for generated content in PR..."
49
50          # Run cleanup to remove any generated content
51          make cleanup
52
53          # Check if cleanup produced any changes (meaning generated files were committed)
54          if [ -n "$(git status --porcelain)" ]; then
55            echo "ERROR: Generated content detected in PR!"
56            echo ""
57            echo "The following changes were made by 'make cleanup', indicating generated files were committed:"
58            git diff --stat
59            echo ""
60            echo "Generated files should only exist during site builds, not in git."
61            echo "Please run 'make cleanup' locally and commit the changes to remove generated files."
62            exit 1
63          fi
64
65          echo "No generated content detected - PR is clean!"
66
67      - name: Verify generated files are gitignored
68        run: |
69          echo "Verifying generated files are properly gitignored..."
70
71          # Generate files to ensure they would be ignored
72          make gendocs
73
74          # Check if any generated schema files or definitions.md show up in git status
75          # (termlinker modifies tracked files, so we ignore those changes)
76          generated_files=$(git status --porcelain | grep -E "(docs/schema/.*\.md|docs/model/02-definitions\.md)" | grep -v "docs/schema/index.md" || true)
77
78          if [ -n "$generated_files" ]; then
79            echo "ERROR: Generated files are not properly gitignored!"
80            echo ""
81            echo "Files that should be ignored but are showing up in git status:"
82            echo "$generated_files"
83            echo ""
84            echo "Please check .gitignore configuration."
85            exit 1
86          fi
87
88          echo "Generated files are properly gitignored!"
89
90          # Clean up generated files and links
91          make cleanup