name: Validate committed public docs

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: read

jobs:
  validate-public-docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Ensure committed docs/public exists
        run: |
          test -d docs/public
          test -n "$(find docs/public -mindepth 1 -print -quit)"
      - name: Install MkDocs
        run: |
          python3 -m pip install --user mkdocs
      - name: Validate docs content
        run: |
          set -e
          test -s docs/public/physical-topology.svg
          test -s docs/public/docker-traefik-dynu.svg
          ! grep -R "Host inventory JSON not found" docs/public
          ! grep -R "Generate terraform inventory" docs/public
          ! rg -n -i "password|token|api[_-]?key|secret" docs/public
      - name: Build MkDocs site
        run: |
          python3 -m mkdocs build -f mkdocs-public.yml --strict