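# ============================================================================
# VaultMesh GitLab CI/CD Pipeline
# ============================================================================
# Governed by: RED-BOOK.md
#
# Two stages: `validate` (documentation and Terraform invariants) and `test`
# (Python syntax/import check). Every job is gated by `rules: changes`, so it
# is added to a pipeline only when one of its listed paths is modified.
#
# Supply-chain note: the job images below are pulled by tag. A tag such as
# `latest` is mutable, so the code that runs in CI can change without any
# commit to this repository. Pin each image to a reviewed version tag or,
# better, to a digest (placeholder form: `<image>:<VERSION>@sha256:<DIGEST>`).
# ============================================================================
---
stages:
  - validate
  - test

# ============================================================================
# DOC INVARIANTS
# ============================================================================
# Enforces documentation law on every push touching docs/doctrine/playbooks.
# NOTE(review): a `*.md` pattern is understood to match only files in the
# repository root; use `**/*.md` if nested Markdown should also trigger this
# job. Confirm against the intended doc layout.
doc_invariants:
  stage: validate
  # NOTE(review): mutable tag; pin to a fixed version or digest.
  image: alpine:latest
  before_script:
    # The script is run with bash, which the base alpine image does not ship.
    - apk add --no-cache bash grep findutils
  script:
    - bash scripts/doc-invariants.sh
  rules:
    - changes:
        - "*.md"
        - "playbooks/**/*"
        - "scripts/doc-invariants.sh"

# ============================================================================
# INFRA INVARIANTS
# ============================================================================
# Validates Terraform formatting + syntax on infrastructure changes.
infra_invariants:
  stage: validate
  image:
    # NOTE(review): mutable tag; pin to a fixed version or digest.
    name: hashicorp/terraform:latest
    # The upstream image uses the terraform binary as its entrypoint, which
    # prevents the runner from starting a shell for `script`. Clearing the
    # entrypoint lets the job script run normally.
    entrypoint: [""]
  before_script:
    # Same reason as doc_invariants: the job script is invoked through bash,
    # which is not expected to be present in this alpine-based image.
    # NOTE(review): drop this line if the pinned image already provides bash.
    - apk add --no-cache bash
  script:
    - bash scripts/infra-invariants.sh
  rules:
    - changes:
        - "terraform/**/*"
        - "scripts/infra-invariants.sh"

# ============================================================================
# PYTHON SYNTAX CHECK
# ============================================================================
# Basic Python syntax validation for scripts and MCP tools.
# The first command byte-compiles three named files; the second imports
# OracleAnswerTool from mcp.oracle_answer and prints a confirmation line.
# NOTE(review): `*.py` is understood to match root-level files only; nested
# Python outside mcp/ and scripts/ would not trigger this job.
python_check:
  stage: test
  # NOTE(review): `3.11-slim` still floats across patch releases and base
  # image rebuilds; pin by digest for reproducible runs.
  image: python:3.11-slim
  script:
    - python -m py_compile oracle_runner.py oracle_answer_mcp.py mcp/oracle_answer/tool.py
    - python -c "from mcp.oracle_answer import OracleAnswerTool; print('✓ Import OK')"
  rules:
    - changes:
        - "*.py"
        - "mcp/**/*.py"
        - "scripts/*.py"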