---
name: "Dev Container Checker"

on:
    workflow_dispatch:
    pull_request:
        types: [opened, reopened]
        paths:
            - ".devcontainer/**"
            - ".github/workflows/devcontainer-checker.yml"
    push:
        paths:
            - ".devcontainer/**"
            - ".github/workflows/devcontainer-checker.yml"

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true

jobs:
    dev-container-checker:
        runs-on: ubuntu-latest

        steps:
            - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
              with:
                  egress-policy: block
                  allowed-endpoints: >
                      api.snapcraft.io:443
                      auth.docker.io:443
                      centralus.data.mcr.microsoft.com:443
                      deb.debian.org:443
                      deb.debian.org:80
                      dl.yarnpkg.com:443
                      eastus.data.mcr.microsoft.com:443
                      files.pythonhosted.org:443
                      ghcr.io:443
                      git.rootprojects.org:443
                      github.com:443
                      mcr.microsoft.com:443
                      nodejs.org:443
                      objects.githubusercontent.com:443
                      pkg-containers.githubusercontent.com:443
                      production.cloudflare.docker.com:443
                      pypi.org:443
                      registry-1.docker.io:443
                      registry.npmjs.org:443
                      webi.sh:443
                      westcentralus.data.mcr.microsoft.com:443
                      westus.data.mcr.microsoft.com:443

            - name: Checkout
              uses: actions/checkout@v3

            - name: Build and run dev container task
              uses: devcontainers/ci@v0.2
              with:
                  runCmd: |
                      poe lint
                      poe test