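# CI/CD pipeline: test matrix against a MySQL service container, static
# security scans, Docker image build, and branch-gated deploy placeholders.
#
# NOTE(review): every action below is referenced by a mutable version tag.
# Pinning each `uses:` to a full commit SHA is the tamper-resistant form.
name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository, so read-only access to contents is enough. Grant more per job
# if a real deployment step later needs it.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so every version stays a string ('3.10' unquoted is 3.1).
        python-version: ['3.8', '3.9', '3.10', '3.11']

    services:
      mysql:
        image: mysql:5.7
        # Throwaway credentials for the ephemeral service container only.
        # They must never match a credential used in a real environment.
        env:
          MYSQL_ROOT_PASSWORD: root
          MYSQL_DATABASE: partner_alignment_test
          MYSQL_USER: test_user
          MYSQL_PASSWORD: test_password
        ports:
          - '3306:3306'
        options: >-
          --health-cmd="mysqladmin ping"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=3

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      # Test-only values. Real secrets belong in the repository's encrypted
      # secrets (`${{ secrets.NAME }}`), not in the workflow file.
      - name: Set up environment variables
        run: |
          echo "SECRET_KEY=test-secret-key" >> "$GITHUB_ENV"
          echo "JWT_SECRET_KEY=test-jwt-secret-key" >> "$GITHUB_ENV"
          echo "DB_HOST=127.0.0.1" >> "$GITHUB_ENV"
          echo "DB_PORT=3306" >> "$GITHUB_ENV"
          echo "DB_USER=test_user" >> "$GITHUB_ENV"
          echo "DB_PASSWORD=test_password" >> "$GITHUB_ENV"
          echo "DB_NAME=partner_alignment_test" >> "$GITHUB_ENV"
          echo "ENABLE_REGISTRATION=True" >> "$GITHUB_ENV"
          echo "DEFAULT_ROLE=user" >> "$GITHUB_ENV"

      # Bounded wait: a database that never comes up fails the job after
      # 60 attempts instead of spinning until the job-level timeout.
      - name: Wait for MySQL
        run: |
          for attempt in $(seq 1 60); do
            if mysqladmin ping -h"127.0.0.1" -P3306 -u"test_user" -p"test_password" --silent; then
              exit 0
            fi
            sleep 1
          done
          echo "MySQL did not become ready after 60 attempts" >&2
          exit 1

      - name: Run linting
        run: |
          pip install flake8
          flake8 app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py --max-line-length=120 --ignore=E501,W503

      - name: Run unit tests
        run: |
          python -m pytest tests/unit/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=term-missing

      - name: Run integration tests
        run: |
          python -m pytest tests/integration/ -v --tb=short

      - name: Run API tests
        run: |
          python -m pytest tests/api/ -v --tb=short

      # Only this step enforces the coverage floor (--cov-fail-under=80).
      - name: Run all tests with coverage
        run: |
          python -m pytest tests/ -v --tb=short --cov=app --cov=models --cov=auth --cov=auth_routes --cov=dashboard_routes --cov=admin_routes --cov-report=xml --cov-report=html:htmlcov --cov-report=term-missing --cov-fail-under=80

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Install security tools
        run: |
          python -m pip install --upgrade pip
          pip install bandit safety

      # NOTE(review): `|| true` discards the scanner's exit status, so this
      # job succeeds whatever Bandit reports. `build` lists `security` under
      # `needs`, but that dependency gates nothing while findings cannot fail
      # the job. The reports are advisory only; someone has to read the
      # uploaded artifact. Drop `|| true` (and put `if: always()` on the
      # upload step) once the baseline is clean enough to enforce.
      - name: Run Bandit security scan
        run: |
          bandit -r app.py models.py auth.py auth_routes.py dashboard_routes.py admin_routes.py init_system.py -f json -o bandit-report.json || true

      # NOTE(review): same as above. Known-vulnerable dependencies do not
      # fail the pipeline because of `|| true`.
      - name: Run Safety check
        run: |
          safety check --json --output safety-report.json || true

      - name: Upload security reports
        uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json

  build:
    runs-on: ubuntu-latest
    needs: [test, security]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt

      - name: Build Docker image
        run: |
          docker build -t partner-alignment:latest .

      # Smoke test: the image must at least import the application module.
      - name: Test Docker image
        run: |
          docker run --rm partner-alignment:latest python -c "import app; print('App imports successfully')"

  # NOTE(review): each job starts on a fresh runner, so the image built in
  # `build` is not present in the deploy jobs. A real deployment has to push
  # the image from `build` or rebuild it here.
  deploy-staging:
    runs-on: ubuntu-latest
    needs: [build]
    # On pull_request events github.ref is the PR merge ref, so this
    # condition only matches pushes to develop.
    if: github.ref == 'refs/heads/develop'
    steps:
      - uses: actions/checkout@v4

      - name: Deploy to staging
        run: |
          echo "Deploying to staging environment..."
          # Add your staging deployment commands here
          # Example: kubectl apply -f k8s/staging/
          # Example: docker push your-registry/partner-alignment:staging

  # NOTE(review): production deploys have no approval gate here. Consider a
  # protected `environment:` with required reviewers before adding real
  # deployment commands and credentials.
  deploy-production:
    runs-on: ubuntu-latest
    needs: [build]
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4

      - name: Deploy to production
        run: |
          echo "Deploying to production environment..."
          # Add your production deployment commands here
          # Example: kubectl apply -f k8s/production/
          # Example: docker push your-registry/partner-alignment:latest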