name: Frontend CI Pipeline

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

env:
  REGISTRY: gitea.example.com
  IMAGE_NAME: inventory/frontend
  SONAR_HOST: http://sonarqube.example.com

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for SonarQube

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Run linter
        run: npm run lint

      - name: Run tests with coverage
        run: npm test

      - name: Build application
        run: npm run build

      - name: SonarQube Scan
        uses: sonarsource/sonarqube-scan-action@v2
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ env.SONAR_HOST }}

      - name: SonarQube Quality Gate
        uses: sonarsource/sonarqube-quality-gate-action@v1
        timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Gitea Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Extract metadata
        id: meta
        run: |
          BRANCH=${GITHUB_REF#refs/heads/}
          SHA_SHORT=$(git rev-parse --short HEAD)
          echo "branch=${BRANCH}" >> $GITHUB_OUTPUT
          echo "sha=${SHA_SHORT}" >> $GITHUB_OUTPUT
          echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.branch }}-${{ steps.meta.outputs.sha }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.branch }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max

      - name: Update k8s manifests
        if: github.ref == 'refs/heads/main'
        run: |
          git clone https://${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}@gitea.example.com/inventory/k8s-manifests.git
          cd k8s-manifests

          # Update image tag in kustomization
          sed -i "s|newTag:.*|newTag: ${{ steps.meta.outputs.branch }}-${{ steps.meta.outputs.sha }}|" overlays/prod/kustomization.yaml

          git config user.name "Gitea Actions"
          git config user.email "actions@gitea.local"
          git add overlays/prod/kustomization.yaml
          git commit -m "Update frontend image to ${{ steps.meta.outputs.branch }}-${{ steps.meta.outputs.sha }}"
          git push