name: Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  CARGO_TERM_COLOR: always

jobs:
  backend-test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: 123123
          POSTGRES_DB: postgres
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      TEST_DB_URL: postgres://postgres:123123@localhost:5432/postgres
      JWT_SECRET: test-jwt-secret-for-ci
      DATABASE_URL: postgres://postgres:123123@localhost:5432/erp_ci

    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2

      - name: Check
        run: cargo check --workspace

      - name: Run unit tests
        run: cargo test --workspace --lib --bins -- --test-threads=2

      - name: Run integration tests
        run: cargo test -p erp-server --test integration -- --test-threads=1

      - name: Clippy
        run: cargo clippy --workspace -- -D warnings

      - name: Security audit (Rust)
        run: cargo audit

  frontend-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: apps/web

    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: 10
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: pnpm
          cache-dependency-path: apps/web/pnpm-lock.yaml

      - run: pnpm install --frozen-lockfile

      - name: TypeScript check
        run: npx tsc --noEmit

      - name: Run unit tests
        run: pnpm test -- --run

      - name: Build
        run: pnpm build

      - name: Security audit (npm)
        run: npx npm-audit --audit-level=high || true