name: Audit pipeline

on:
  push:
    paths-ignore:
      - '.devcontainer/*'
      - '.github/*'
      - '!.github/workflows/audit.yml'
      - '.vscode/*'
      - '**.md'
      - '.env*'
      - 'LICENSE'
      - 'COPYING'
      - '.git*'
  pull_request:
    paths-ignore:
      - '.devcontainer/*'
      - '.github/*'
      - '!.github/workflows/audit.yml'
      - '.vscode/*'
      - '**.md'
      - '.env*'
      - 'LICENSE'
      - 'COPYING'
      - '.git*'
  workflow_dispatch:

jobs:
  audit:
    runs-on: ubuntu-latest
    container: node:24

    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v6
      - run: npm install
      - run: npm audit

  build:
    runs-on: ubuntu-latest

    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v6
      - uses: docker/build-push-action@v6
        with:
          context: .
          tags: "my-website:ci"