name: CI

on:
  push:
    branches: [main, master, develop]
  pull_request:
    branches: [main, master, develop]

env:
  NODE_VERSION: '20'

jobs:
  # Backend Tests and Build
  backend:
    name: Backend CI
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:15
        env:
          POSTGRES_USER: test_user
          POSTGRES_PASSWORD: test_password
          POSTGRES_DB: test_db
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

      redis:
        image: redis:7
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    defaults:
      run:
        working-directory: apps/backend

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: apps/backend/package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint || true
        continue-on-error: true

      - name: Run tests
        run: npm test
        env:
          NODE_ENV: test
          DB_HOST: localhost
          DB_PORT: 5432
          DB_NAME: test_db
          DB_USER: test_user
          DB_PASSWORD: test_password
          JWT_SECRET: test-jwt-secret
          REDIS_HOST: localhost
          REDIS_PORT: 6379

      - name: Build
        run: npm run build

      - name: Upload backend build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: backend-dist
          path: apps/backend/dist
          retention-days: 7

  # Frontend Build
  frontend:
    name: Frontend CI
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: apps/frontend

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: apps/frontend/package-lock.json

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint || true
        continue-on-error: true

      - name: Type check
        run: npx tsc --noEmit || true
        continue-on-error: true

      - name: Build
        run: npm run build
        env:
          VITE_API_URL: https://api.example.com

      - name: Upload frontend build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: frontend-dist
          path: apps/frontend/dist
          retention-days: 7

  # Security scanning
  security:
    name: Security Scan
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Run npm audit (backend)
        working-directory: apps/backend
        run: npm audit --audit-level=high || true
        continue-on-error: true

      - name: Run npm audit (frontend)
        working-directory: apps/frontend
        run: npm audit --audit-level=high || true
        continue-on-error: true

  # Summary job
  ci-summary:
    name: CI Summary
    runs-on: ubuntu-latest
    needs: [backend, frontend, security]
    if: always()

    steps:
      - name: Check job results
        run: |
          echo "Backend: ${{ needs.backend.result }}"
          echo "Frontend: ${{ needs.frontend.result }}"
          echo "Security: ${{ needs.security.result }}"

          if [ "${{ needs.backend.result }}" == "failure" ] || [ "${{ needs.frontend.result }}" == "failure" ]; then
            echo "CI failed!"
            exit 1
          fi

          echo "CI passed!"