#!/usr/bin/env bash
set -euo pipefail
ROOT="$(cd "$(dirname "$0")/.." && pwd)"
cd "$ROOT"
if [[ -f .venv/bin/activate ]]; then
  # shellcheck source=/dev/null
  source .venv/bin/activate
fi
ruff check applepy tests
pytest -q
if command -v ty >/dev/null 2>&1; then
  ty check applepy
fi
if command -v semgrep >/dev/null 2>&1; then
  # Exclude vendored upstream trees under applepy/data/ (not project-owned source).
  _applepy_py=()
  while IFS= read -r _f; do
    _applepy_py+=("$_f")
  done < <(
    find "${ROOT}/applepy" \( -path "${ROOT}/applepy/data/macos_security" -o -path "${ROOT}/applepy/data/lynis" \) \
      -prune -o -name "*.py" -print
  )
  semgrep --config="${ROOT}/semgrep.yml" --error "${_applepy_py[@]}"
  semgrep --config=p/python --error "${_applepy_py[@]}"
fi