name: ci

on:
  push:
    branches:
      - main
  pull_request:

jobs:
  backend:
    name: backend (lint + typecheck + unit tests)
    runs-on: linux
    container:
      image: python:3.12-slim-bookworm
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_DB: mimic_test
          POSTGRES_USER: mimic_test
          POSTGRES_PASSWORD: mimic_test_password
        # Healthcheck so Gitea Actions waits for Postgres readiness.
        options: >-
          --health-cmd "pg_isready -U mimic_test -d mimic_test"
          --health-interval 5s
          --health-timeout 3s
          --health-retries 10
    env:
      MIMIC_ENV: test
      MIMIC_DATABASE_URL: postgresql+psycopg://mimic_test:mimic_test_password@postgres:5432/mimic_test
      MIMIC_DATABASE_AUDIT_URL: postgresql+psycopg://mimic_test:mimic_test_password@postgres:5432/mimic_test
      MIMIC_SECRET_KEY: ci-not-secret
      MIMIC_FERNET_KEY: ${{ secrets.FERNET_KEY_TEST }}
      MIMIC_BLOB_ROOT: /tmp/mimic-blobs
      MIMIC_EVIDENCE_ROOT: /tmp/mimic-evidence
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: System deps (psycopg + WeasyPrint runtime)
        run: |
          apt-get update -qq
          apt-get install -y --no-install-recommends \
            build-essential libpq-dev \
            libpango-1.0-0 libpangoft2-1.0-0 libcairo2 libffi-dev
          rm -rf /var/lib/apt/lists/*

      - name: Install backend
        working-directory: backend
        run: |
          python -m pip install --upgrade pip
          pip install -e ".[dev]"

      - name: Ruff lint
        working-directory: backend
        run: ruff check src tests

      - name: Ruff format check
        working-directory: backend
        run: ruff format --check src tests

      - name: Mypy strict
        working-directory: backend
        run: mypy --strict src

      - name: Pytest unit
        working-directory: backend
        run: pytest tests/unit -q

  frontend:
    name: frontend (lint + typecheck + build + unit tests)
    runs-on: linux
    container:
      image: node:22-alpine
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install
        working-directory: frontend
        run: npm ci

      - name: ESLint
        working-directory: frontend
        run: npm run lint

      - name: TypeScript typecheck
        working-directory: frontend
        run: npm run typecheck

      - name: Vitest
        working-directory: frontend
        run: npm test

      - name: Vite build
        working-directory: frontend
        run: npm run build