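# CI skeleton (TypeScript shape; no app code yet).
# Currently runs commitlint + gitleaks + a trivy filesystem scan.
# Add lint/test/build jobs when this repo grows real package code.
#
# NOTE(review): every action below is referenced by a mutable ref (a major
# tag or a branch). Whoever controls that ref controls the code that runs in
# this job, so pin each one to a reviewed full commit SHA, e.g.
# `uses: owner/action@<FULL_COMMIT_SHA>  # vX.Y.Z` (placeholder, not a real SHA).
name: ci

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

jobs:
  shared:
    runs-on: docker
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history: commitlint and gitleaks inspect commits, not just
          # the checked-out tree.
          fetch-depth: 0
          # Do not leave the job token in .git/config for the third-party
          # actions that run afterwards; none of the steps below push or
          # fetch.
          persist-credentials: false

      - name: commitlint (PR only)
        if: github.event_name == 'pull_request'
        uses: wagoid/commitlint-github-action@v6

      # NOTE(review): gitleaks-action's README documents a GITHUB_TOKEN env
      # for pull_request scans; none is set here. Confirm the scan actually
      # runs on PRs with this runner.
      - name: gitleaks
        uses: gitleaks/gitleaks-action@v2

      - name: trivy fs scan
        # NOTE(review): `@master` tracks a moving branch, so the scanner code
        # can change between runs without any change to this file. Pin to a
        # release tag or, better, a full commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          # Quoted: action inputs are strings.
          severity: 'HIGH,CRITICAL'
          # Non-zero exit fails the job when a HIGH/CRITICAL finding is
          # reported, so the scan gates the merge instead of only logging.
          exit-code: '1'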