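---
name: Ratify

# Runs after an amendment PR merges to main. For every proposal whose voting
# window is closed, it re-runs the vote gate, records the result on the audit
# ledger, bumps the constitution version per governance semver, flips the
# proposal status, and commits those artifacts back to main.
#
# Security notes:
#   * The job holds a contents:write token and pushes to main, so every step
#     below runs with the ability to change the governance record.
#   * Actions are referenced by mutable tag. NOTE(review): pin each `uses:` to
#     a full commit SHA so a retagged release cannot alter what runs here.

on:
  push:
    branches: [main]
    paths:
      - "proposals/**"
      - "votes/**"

# Least privilege: write access to repository contents only.
permissions:
  contents: write

# Serialize ratification so two runs never write the ledger at the same time.
# A run in progress is never cancelled. GitHub keeps at most one *pending* run
# per group, so a burst of merges can drop a queued run.
# NOTE(review): confirm proposals from a dropped run are picked up later.
concurrency:
  group: ratify-main
  cancel-in-progress: false

jobs:
  ratify:
    name: Gate, ratify, and record
    runs-on: ubuntu-latest
    steps:
      # Full history is needed so the pre-push commit can be diffed against.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      # Installs govtool from the merged commit itself; the code executed here
      # runs in a job that holds the write token.
      - name: Install govtool
        run: |
          python -m pip install --upgrade pip
          pip install -e .

      - name: Detect proposals affected by this push
        # Context values are passed through the environment instead of being
        # expanded into the script text, so the shell only ever sees them as
        # data.
        env:
          BEFORE: "${{ github.event.before }}"
          AFTER: "${{ github.sha }}"
        run: |
          # Scratch files live in RUNNER_TEMP, outside the checkout, so the
          # later `git add -A` cannot commit them to main.
          CHANGED="$RUNNER_TEMP/changed.txt"
          PIDS="$RUNNER_TEMP/pids.txt"

          # Use the pre-push commit when it is set, is not the all-zero SHA,
          # and exists in the local object store; otherwise fall back to the
          # parent commit, and finally to every tracked file.
          if [ -n "$BEFORE" ] \
            && ! echo "$BEFORE" | grep -Eq '^0+$' \
            && git cat-file -e "$BEFORE" 2>/dev/null; then
            git diff --name-only "$BEFORE" "$AFTER" > "$CHANGED"
          else
            git diff --name-only "HEAD~1" "HEAD" > "$CHANGED" \
              || git ls-files > "$CHANGED"
          fi

          python -m govtool proposal detect --paths-file "$CHANGED" > "$PIDS"
          echo "proposals affected:"
          cat "$PIDS" || true

      - name: Run gate and ratify
        run: |
          PIDS="$RUNNER_TEMP/pids.txt"

          if [ ! -s "$PIDS" ]; then
            echo "no proposals affected by this push"
            exit 0
          fi

          while IFS= read -r pid; do
            [ -z "$pid" ] && continue

            # A failed status lookup is treated as "unknown" and skipped below.
            status="$(python -m govtool proposal show --id "$pid" --field status || echo unknown)"
            echo "proposal ${pid}: status=${status}"

            if [ "$status" != "closed" ]; then
              echo "skipping ${pid}: only proposals with status 'closed' are ratified on merge"
              continue
            fi

            # NOTE(review): any non-zero exit from the gate, including a tool
            # crash, is recorded as a rejection. Confirm govtool separates a
            # failed vote from an internal error before relying on this.
            if python -m govtool gate --proposal "$pid" --record; then
              python -m govtool ratify --proposal "$pid"
            else
              echo "gate failed for ${pid}; recording rejection"
              python -m govtool proposal transition --id "$pid" --to rejected
            fi
          done < "$PIDS"

      # Integrity check on the audit ledger; a failure here stops the job
      # before anything is committed.
      - name: Verify ledger before committing
        run: python -m govtool ledger verify

      - name: Commit governance artifacts
        run: |
          git config user.name "fablepool-bot"
          git config user.email "fablepool-bot@users.noreply.github.com"

          # Stages every change in the working tree, not only ledger files.
          # NOTE(review): `pip install -e .` can leave build metadata in the
          # checkout; confirm .gitignore covers it, or stage explicit paths.
          git add -A

          if git diff --cached --quiet; then
            echo "nothing to commit"
          else
            git commit -m "governance: post-merge ratification artifacts [skip ci]"
            git push
          fi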