name: CMS CI

on:
  pull_request:
  push:
    branches:
      - dev
      - staging
      - main
  workflow_dispatch:

env:
  BUN_VERSION: "1.3.5"
  NODE_ENV: "test"
  DATABASE_URL: "postgresql://postgres:postgres@postgres:5432/cms?schema=public"
  BETTER_AUTH_SECRET: "ci-test-secret-change-me"
  BETTER_AUTH_URL: "http://localhost:3001"
  CMS_ADMIN_ORIGIN: "http://127.0.0.1:3001"
  CMS_WEB_ORIGIN: "http://127.0.0.1:3000"
  CMS_ADMIN_SELF_REGISTRATION_ENABLED: "false"
  CMS_SUPPORT_USERNAME: "support"
  CMS_SUPPORT_EMAIL: "support@cms.local"
  CMS_SUPPORT_PASSWORD: "support-ci-password"
  CMS_SUPPORT_NAME: "Technical Support"
  CMS_SUPPORT_LOGIN_KEY: "support-access"

jobs:
  governance:
    name: Governance Checks
    runs-on: node22-bun
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Validate branch naming
        run: |
          branch="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
          sh .gitea/scripts/check-branch-name.sh "$branch"

      - name: Validate PR TODO reference
        if: github.event_name == 'pull_request'
        run: |
          body='${{ github.event.pull_request.body }}'
          sh .gitea/scripts/check-pr-todo-reference.sh "$body"

      - name: Commit schema check (latest commit)
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: Install dependencies for commitlint
        run: bun install --frozen-lockfile

      - name: Commitlint
        run: bun run commitlint

  quality:
    name: Lint Typecheck Unit E2E
    needs: governance
    runs-on: node22-bun
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_DB: cms
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
        ports:
          - 5432:5432
        options: >-
          --health-cmd "pg_isready -U postgres -d cms"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: Install dependencies
        run: bun install --frozen-lockfile

      - name: Install Playwright browser deps
        run: bunx playwright install --with-deps chromium

      - name: Lint and format checks
        run: bun run check

      - name: Typecheck
        run: bun run typecheck

      - name: Unit and integration tests
        run: bun run test

      - name: E2E tests
        run: bun run test:e2e