name: CI

on:
  pull_request:
    branches: [ main, develop ]
  push:
    branches: [ main, develop ]

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.10", "3.11", "3.12", "3.13"]
        
    steps:
    - uses: actions/checkout@v4
    
    - name: Set up Python ${{ matrix.python-version }}
      uses: actions/setup-python@v5
      with:
        python-version: ${{ matrix.python-version }}
    
    - name: Install uv
      uses: astral-sh/setup-uv@v4
      with:
        version: "latest"
    
    - name: Install dependencies
      run: |
        uv sync --extra dev
    
    - name: Run linting
      run: |
        uv run python lint.py || echo "Linting found issues but continuing..."
      continue-on-error: true
    
    - name: Run tests with coverage
      run: |
        uv run pytest --cov=penpot_mcp tests/ --cov-report=xml --cov-report=term-missing
    
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      if: matrix.python-version == '3.12'
      with:
        file: ./coverage.xml
        flags: unittests
        name: codecov-umbrella
        fail_ci_if_error: false

  security-check:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
    
    - name: Install uv
      uses: astral-sh/setup-uv@v4
    
    - name: Install dependencies
      run: |
        uv sync --extra dev
    
    - name: Run security checks with bandit
      run: |
        uv add bandit[toml]
        uv run bandit -r penpot_mcp/ -f json -o bandit-report.json || true
    
    - name: Upload security scan results
      uses: github/codeql-action/upload-sarif@v3
      if: always()
      with:
        sarif_file: bandit-report.json
      continue-on-error: true

  build-test:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: "3.12"
    
    - name: Install uv
      uses: astral-sh/setup-uv@v4
    
    - name: Install dependencies
      run: |
        uv sync --extra dev
    
    - name: Build package
      run: |
        uv build
    
    - name: Test package installation
      run: |
        python -m pip install dist/*.whl
        penpot-mcp --help || echo "CLI help command failed"
        python -c "import penpot_mcp; print(f'Version: {penpot_mcp.__version__}')"
    
    - name: Upload build artifacts
      uses: actions/upload-artifact@v4
      with:
        name: dist-files
        path: dist/
        retention-days: 7

  test-docker:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    
    - name: Create test Dockerfile
      run: |
        cat > Dockerfile.test << 'EOF'
        FROM python:3.12-slim
        
        # Install uv
        COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
        
        # Set working directory
        WORKDIR /app
        
        # Copy project files
        COPY . .
        
        # Install dependencies and run tests
        RUN uv sync --extra dev
        RUN uv run pytest
        
        # Test CLI commands
        RUN uv run penpot-mcp --help || echo "CLI help test completed"
        EOF
    
    - name: Build and test Docker image
      run: |
        docker build -f Dockerfile.test -t penpot-mcp-test .