.github/workflows/ci.yml

name: Continuous Integration

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  schedule:
    - cron: '0 0 * * 0'  # Weekly on Sunday at midnight

env:
  CI: true
  FORCE_COLOR: true
  NODE_ENV: test

jobs:
  backend-ci:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    defaults:
      run:
        working-directory: src/backend

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: Cache dependencies
        uses: actions/cache@v3
        with:
          path: |
            src/backend/node_modules
            ~/.npm
          key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            npm-deps-${{ runner.os }}-${{ matrix.node-version }}-
            npm-deps-${{ runner.os }}-

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint:fix

      - name: Type checking
        run: npm run typecheck

      - name: Run unit tests
        run: npm run test:coverage
        env:
          JEST_JUNIT_OUTPUT_DIR: ./test-results/
          JEST_JUNIT_OUTPUT_NAME: backend-test-results.xml

      - name: Run integration tests
        run: npm run test -- --testPathPattern=integration
        env:
          JEST_JUNIT_OUTPUT_DIR: ./test-results/
          JEST_JUNIT_OUTPUT_NAME: backend-integration-results.xml

      - name: Security audit
        run: npm run test:security

      - name: Upload test coverage
        uses: actions/upload-artifact@v3
        with:
          name: backend-coverage-${{ matrix.node-version }}
          path: src/backend/coverage
          retention-days: 30

      - name: Upload security report
        uses: actions/upload-artifact@v3
        with:
          name: backend-security-${{ matrix.node-version }}
          path: src/backend/security-reports
          retention-days: 30

  frontend-ci:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        node-version: [18.x, 20.x]
    defaults:
      run:
        working-directory: src/web

    steps:
      - uses: actions/checkout@v3

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'npm'

      - name: Cache dependencies
        uses: actions/cache@v3
        with:
          path: |
            src/web/node_modules
            ~/.npm
          key: npm-deps-${{ runner.os }}-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            npm-deps-${{ runner.os }}-${{ matrix.node-version }}-
            npm-deps-${{ runner.os }}-

      - name: Install dependencies
        run: npm ci

      - name: Run linting
        run: npm run lint:fix

      - name: Type checking
        run: npm run typecheck

      - name: Run unit tests
        run: npm run test:coverage
        env:
          JEST_JUNIT_OUTPUT_DIR: ./test-results/
          JEST_JUNIT_OUTPUT_NAME: frontend-test-results.xml

      - name: Build application
        run: npm run build

      - name: Security audit
        run: npm audit

      - name: Upload test coverage
        uses: actions/upload-artifact@v3
        with:
          name: frontend-coverage-${{ matrix.node-version }}
          path: src/web/coverage
          retention-days: 30

      - name: Upload security report
        uses: actions/upload-artifact@v3
        with:
          name: frontend-security-${{ matrix.node-version }}
          path: src/web/security-reports
          retention-days: 30

  security-scan:
    runs-on: ubuntu-latest
    needs: [backend-ci, frontend-ci]
    steps:
      - uses: actions/checkout@v3

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v2
        with:
          languages: javascript, typescript
          queries: security-extended,security-and-quality

      - name: Run CodeQL Analysis
        uses: github/codeql-action/analyze@v2

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18.x'

      - name: Run OWASP Dependency Check
        run: |
          npm install -g @owasp/dependency-check
          dependency-check --project "Startup Metrics" --scan . --format HTML --format JSON

      - name: Run Snyk Security Scan
        run: |
          npm install -g snyk
          snyk test --all-projects --severity-threshold=high

      - name: Upload Security Reports
        uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: |
            **/security-reports/
            **/dependency-check-report.html
            **/snyk-report.json
          retention-days: 30