name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: 'npm'
      - run: npm ci
      - run: npm run test
      - run: npm audit --audit-level=high
      - name: Install Semgrep
        run: python3 -m pip install --user semgrep
      - name: Semgrep scan
        run: semgrep scan --config=auto --error --severity=ERROR