name: CI
on:
  push:
    branches: [ main ]
  pull_request:
    types: [opened, synchronize, reopened]
    paths-ignore:
      - 'README.md'
      - 'LICENSE.md'
      - '.gitignore'
      - '.github/CODEOWNERS'
      - '.github/renovate.json'
      - '.github/dependabot.yml'

jobs:
  pythonci:
    uses: luketainton/gha-workflows/.github/workflows/ci-python.yml@main
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  
  dockerci:
    uses: luketainton/gha-workflows/.github/workflows/ci-docker.yml@main
    secrets:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}