# This action works transparently on both Blacksmith and GitHub-hosted runners.
# Blacksmith runners benefit from transparent caching and optional Docker layer caching.
# GitHub-hosted runners use standard GitHub Actions caching.

name: 'Node.js Build Setup'
description: 'Configures Node.js with pnpm, installs Aikido SafeChain for supply chain protection, installs dependencies, enables Turborepo caching, (optional) sets up Docker layer caching, and builds the project or an optional command.'

inputs:
  node-version:
    description: 'Node.js version to use. Pinned to 24.13.1 by default for reproducible builds.'
    required: false
    default: '24.13.1'
  enable-docker-cache:
    description: 'Whether to set up Blacksmith Buildx for Docker layer caching (Blacksmith runners only).'
    required: false
    default: 'false'
  build-command:
    description: 'Command to execute for building the project or an optional command. Leave empty to skip build step.'
    required: false
    default: 'pnpm build'

runs:
  using: 'composite'
  steps:
    - name: Setup pnpm
      uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0

    - name: Setup Node.js
      uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
      with:
        node-version: ${{ inputs.node-version }}
        cache: 'pnpm'

    - name: Install Aikido SafeChain
      if: runner.os != 'Windows'
      run: |
        VERSION="1.4.1"
        EXPECTED_SHA256="628235987175072a4255aa3f5f0128f31795b63970f1970ae8a04d07bf8527b0"
        curl -fsSL -o install-safe-chain.sh \
          "https://github.com/AikidoSec/safe-chain/releases/download/${VERSION}/install-safe-chain.sh"
        echo "${EXPECTED_SHA256}  install-safe-chain.sh" | sha256sum -c -
        sh install-safe-chain.sh --ci
        rm install-safe-chain.sh
      shell: bash

    - name: Install Dependencies
      run: pnpm install --frozen-lockfile
      shell: bash

    - name: Disable safe-chain
      if: runner.os != 'Windows'
      run: safe-chain teardown
      shell: bash

    - name: Configure Turborepo Cache
      uses: rharkor/caching-for-turbo@cda201ff2b32699a2ae9f59704db029e3dde4fbd # v2.3.5

    - name: Setup Docker Builder for Docker Cache (Blacksmith)
      if: ${{ inputs.enable-docker-cache == 'true' && vars.RUNNER_PROVIDER != 'github' }}
      uses: useblacksmith/setup-docker-builder@53647ab5afe8827af5623b35bd4302eabd41619f # v1.2.0

    - name: Setup Docker Builder (GitHub fallback)
      if: ${{ inputs.enable-docker-cache == 'true' && vars.RUNNER_PROVIDER == 'github' }}
      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0

    - name: Build Project
      if: ${{ inputs.build-command != '' }}
      run: |
        ${{ inputs.build-command }} --summarize
        node .github/scripts/send-build-stats.mjs || true
      shell: bash