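---
# CI/CD workflow: the `build` job lints, runs grep-based source checks and the
# backend/frontend tests; the `deploy` job then connects to the deployment host
# over SSH and runs scripts/deploy.sh, only for refs/heads/main.
name: CI / CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no step here writes to the repository,
# so read access to contents (needed by checkout) is enough.
permissions:
  contents: read

jobs:
  # ============================================================
  # JOB 1 : CI & Quality Gate
  # ============================================================
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 📥 Checkout
        uses: actions/checkout@v4

      - name: 📦 Install pnpm
        run: npm install -g pnpm@10.32.1

      - name: 🟢 Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          # pnpm is already on PATH from the previous step, so setup-node can
          # cache the pnpm store directly. 'npm' keys the cache on an npm/yarn
          # lockfile, which this pnpm project does not install from.
          cache: 'pnpm'

      - name: 📦 Install deps
        run: pnpm install --frozen-lockfile

      - name: 🧹 Lint
        run: pnpm lint

      - name: 🔍 Security & quality checks
        run: |
          # UUID misuse check (ADR-019)
          if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "parseInt(.*uuid" .; then
            echo "❌ UUID misuse detected"
            exit 1
          fi
          # console.log check (Clean Code)
          if grep -r --include="*.ts" --include="*.tsx" --exclude-dir={node_modules,.next,.agents,.git,scripts,test,__tests__} "console.log" .; then
            echo "❌ console.log detected"
            exit 1
          fi

      - name: 🧪 Run Tests & Coverage
        run: |
          cd backend && pnpm test --watchAll=false
          cd ../frontend && pnpm test run

  # ============================================================
  # JOB 2 : Deploy — Trigger Blue-Green on QNAP
  # ============================================================
  deploy:
    needs: build
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - name: 🚀 Trigger Deployment on QNAP
        # NOTE(review): this third-party action receives the SSH credentials
        # and the DB password. Pin it to a full commit SHA rather than a
        # mutable tag so a retagged release cannot change what runs here.
        uses: appleboy/ssh-action@v1.0.3
        env:
          # Secrets reach the remote shell as environment variables (see
          # `envs` below) instead of being spliced into the script text,
          # where a quote, `$` or backtick in the value would be parsed by
          # the shell.
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          # Commit that passed the build job.
          DEPLOY_SHA: ${{ github.sha }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          # NOTE(review): password login with no host-key check. Prefer the
          # action's `key` input with a dedicated deploy key, and set
          # `fingerprint` so the runner verifies the host it connects to.
          password: ${{ secrets.PASSWORD }}
          port: ${{ secrets.PORT }}
          timeout: 1200s
          command_timeout: 900s
          # NOTE(review): confirm this input name against the action.yml of
          # the pinned version; the script's own `set -e` already aborts on
          # the first failing command.
          script_stop_signal: true
          envs: DB_PASSWORD,DEPLOY_SHA
          script: |
            set -e
            export PATH="/share/CACHEDEV1_DATA/.qpkg/container-station/bin:/opt/bin:/usr/local/bin:/usr/bin:/bin:$PATH"

            # Sync scripts first
            echo "📂 Syncing deployment scripts..."
            cd /share/np-dms/app/source/lcbp3
            git fetch origin main
            # Check out exactly the commit that passed CI. origin/main may
            # have moved since the build job ran, and that newer commit has
            # not been through the quality gate.
            git reset --hard "$DEPLOY_SHA"

            # Ensure scripts are executable
            chmod +x scripts/deploy.sh scripts/rollback.sh

            echo "🚀 Executing Blue-Green deployment..."
            # Make DB_PASSWORD (injected through `envs`) visible to deploy.sh.
            export DB_PASSWORD
            ./scripts/deploy.sh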