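# CI/CD pipeline: backend and frontend tests, dependency audits plus CodeQL,
# a Vercel preview for pull requests, and a production deploy plus GitHub
# release on pushes to master.
#
# NOTE(review): every action below is referenced by a mutable tag (for
# example @v4 or @v25). The third-party ones that receive secrets
# (amondnet/vercel-action, softprops/action-gh-release,
# codecov/codecov-action) are the ones most worth pinning to a full commit
# SHA, so that a moved tag cannot change what runs with those secrets.
name: CI/CD Pipeline

on:
  push:
    branches: [master, develop]
  pull_request:
    branches: [master, develop]

# Least-privilege default for GITHUB_TOKEN; jobs that need more declare it.
permissions:
  contents: read

jobs:
  test-backend:
    runs-on: ubuntu-latest
    name: Backend Tests & AI Verification

    steps:
      - uses: actions/checkout@v4
        with:
          # No step pushes with git, so keep the token out of .git/config
          # where dependency install scripts could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Cache Python packages
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y portaudio19-dev libgl1 libglib2.0-0

      - name: Install Python dependencies
        run: |
          cd modern/backend
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements_ai.txt
          pip install pytest pytest-asyncio pytest-cov

      # Smoke test: instantiate the AI wrapper and parse one sample input.
      - name: Test AI Model Loading
        run: |
          cd modern/backend
          python -c "
          from huggingface_ai import HuggingFaceAI
          import asyncio

          async def test():
              ai = HuggingFaceAI()
              result = await ai.parse_habit_from_text('test habit')
              print('✅ AI models loaded successfully')
              print(f'Test result: {result}')

          asyncio.run(test())
          "

      - name: Run Backend Tests
        run: |
          cd modern/backend
          pytest tests/ -v --cov=. --cov-report=xml

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          file: ./modern/backend/coverage.xml
          flags: backend
          name: backend-coverage

  test-frontend:
    runs-on: ubuntu-latest
    name: Frontend Tests & Build

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "npm"
          cache-dependency-path: "modern/frontend/package-lock.json"

      - name: Install dependencies
        run: |
          cd modern/frontend
          npm ci

      - name: Build production bundle
        run: |
          cd modern/frontend
          npm run build

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: frontend-build
          path: modern/frontend/dist/
          retention-days: 7

  security-scan:
    runs-on: ubuntu-latest
    name: Security Scanning
    # security-events: write lets CodeQL upload its results.
    permissions:
      actions: read
      contents: read
      security-events: write

    strategy:
      fail-fast: false
      matrix:
        language: ["python", "javascript"]

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Node.js
        if: matrix.language == 'javascript'
        uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install npm dependencies
        if: matrix.language == 'javascript'
        run: |
          cd modern/frontend
          npm ci

      - name: Run security audit (npm)
        if: matrix.language == 'javascript'
        run: |
          cd modern/frontend
          npm audit --audit-level=moderate

      - name: Set up Python
        if: matrix.language == 'python'
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Run security audit (pip)
        if: matrix.language == 'python'
        run: |
          cd modern/backend
          pip install safety
          safety check -r requirements.txt -r requirements_ai.txt

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}

      - name: Autobuild
        uses: github/codeql-action/autobuild@v3

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"

  deploy-preview:
    # Only for pull requests whose head branch lives in this repository.
    # Fork pull requests do not receive the Vercel secrets, and unreviewed
    # fork code should not be deployed with them in any case.
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.head.repo.full_name == github.repository
    needs: [test-backend, test-frontend]
    runs-on: ubuntu-latest
    name: Deploy Preview
    # NOTE(review): presumably the Vercel action uses github-token only to
    # comment on the pull request; confirm pull-requests: write is enough.
    permissions:
      contents: read
      pull-requests: write

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Deploy to Vercel Preview
        uses: amondnet/vercel-action@v25
        with:
          vercel-token: ${{ secrets.VERCEL_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # Deliberately no vercel-args "--prod" here: with that flag every
          # pull request would be published as the production deployment,
          # before review and without waiting for security-scan.
          vercel-org-id: ${{ secrets.ORG_ID }}
          vercel-project-id: ${{ secrets.PROJECT_ID }}
          working-directory: ./modern/frontend

  deploy-production:
    if: github.ref == 'refs/heads/master' && github.event_name == 'push'
    needs: [test-backend, test-frontend, security-scan]
    runs-on: ubuntu-latest
    name: Deploy to Production
    # contents: write is required by the release step to create the tag and
    # the release.
    permissions:
      contents: write

    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Deploy Frontend to Vercel
        uses: amondnet/vercel-action@v25
        with:
          vercel-token: ${{ secrets.VERCEL_TOKEN }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          vercel-args: "--prod"
          vercel-org-id: ${{ secrets.ORG_ID }}
          vercel-project-id: ${{ secrets.PROJECT_ID }}
          working-directory: ./modern/frontend

      # Placeholder: nothing is deployed to Railway yet.
      - name: Deploy Backend to Railway
        run: |
          echo "Backend deployment would happen here"
          echo "Using Railway CLI or API"
          # railway deploy --service=liferpg-backend

      - name: Create Release
        if: github.event_name == 'push'
        uses: softprops/action-gh-release@v2
        with:
          tag_name: v${{ github.run_number }}
          name: Release v${{ github.run_number }}
          body: |
            ## What's New
            - Automated deployment from commit ${{ github.sha }}
            - Backend and frontend updated
            - AI models: HuggingFace Transformers

            ## Technical Details
            - Build: ${{ github.run_number }}
            - Commit: ${{ github.sha }}
            - Branch: ${{ github.ref }}
          draft: false
          prerelease: false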