name: Test nginx configuration

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

jobs:
  static-analysis:
    name: Static Analysis
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run static analysis
        run: bash test.sh

  syntax-check:
    name: nginx Syntax Check
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install nginx
        run: |
          sudo apt-get update -q
          sudo apt-get install -y nginx-full

      - name: Deploy config to /etc/nginx
        run: sudo cp -a nginx/nginx/. /etc/nginx/

      - name: Create stub SSL certificates
        run: |
          openssl req -x509 -newkey rsa:2048 -keyout /tmp/stub.key \
            -out /tmp/stub.pem -days 1 -nodes -subj '/CN=stub'

          while IFS= read -r dir; do
            sudo mkdir -p "$dir"
            sudo cp /tmp/stub.pem "$dir/fullchain.pem"
            sudo cp /tmp/stub.key "$dir/privkey.pem"
          done < <(grep -rh 'ssl_certificate ' /etc/nginx/sites-available/ \
            | grep -v '#' \
            | grep -oP '/etc/letsencrypt/live/[^\s/]+' \
            | sort -u)

      - name: Run nginx syntax check
        run: sudo nginx -t