zclaw_openfang/.gitea/workflows/ci.yml

# ZCLAW Continuous Integration Workflow for Gitea
# Runs on every push to main and all pull requests

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  NODE_VERSION: '20'
  PNPM_VERSION: '9'
  RUST_VERSION: '1.78'

jobs:
  # ============================================================================
  # Lint and Type Check
  # ============================================================================
  lint:
    name: Lint & TypeCheck
    runs-on: ubuntu-latest
    container:
      image: node:20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'

      - name: Install root dependencies
        run: pnpm install --frozen-lockfile

      - name: Install desktop dependencies
        working-directory: desktop
        run: pnpm install --frozen-lockfile

      - name: Type check desktop
        working-directory: desktop
        run: pnpm typecheck

      - name: Type check root
        run: pnpm exec tsc --noEmit

  # ============================================================================
  # Unit Tests
  # ============================================================================
  test:
    name: Unit Tests
    runs-on: ubuntu-latest
    container:
      image: node:20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'

      - name: Install root dependencies
        run: pnpm install --frozen-lockfile

      - name: Install desktop dependencies
        working-directory: desktop
        run: pnpm install --frozen-lockfile

      - name: Run desktop unit tests
        working-directory: desktop
        run: pnpm test

      - name: Run root unit tests
        run: pnpm test

  # ============================================================================
  # Build Verification (Frontend only - no Tauri)
  # ============================================================================
  build-frontend:
    name: Build Frontend
    runs-on: ubuntu-latest
    container:
      image: node:20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'

      - name: Install desktop dependencies
        working-directory: desktop
        run: pnpm install --frozen-lockfile

      - name: Build frontend
        working-directory: desktop
        run: pnpm build

  # ============================================================================
  # Rust Backend Check
  # ============================================================================
  rust-check:
    name: Rust Check
    runs-on: ubuntu-latest
    container:
      image: rust:1.78
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Install Rust components
        run: rustup component add clippy rustfmt

      - name: Cache Rust dependencies
        uses: Swatinem/rust-cache@v2
        with:
          workspaces: |
            desktop/src-tauri

      - name: Check Rust formatting
        working-directory: desktop/src-tauri
        run: cargo fmt --all -- --check

      - name: Run Clippy
        working-directory: desktop/src-tauri
        run: cargo clippy --all-targets --all-features -- -D warnings

      - name: Check Rust build
        working-directory: desktop/src-tauri
        run: cargo check --all-targets

  # ============================================================================
  # Security Scan
  # ============================================================================
  security:
    name: Security Scan
    runs-on: ubuntu-latest
    container:
      image: node:20
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'

      - name: Install dependencies
        run: |
          pnpm install --frozen-lockfile
          cd desktop && pnpm install --frozen-lockfile

      - name: Run npm audit (root)
        run: pnpm audit --audit-level=high
        continue-on-error: true

      - name: Run npm audit (desktop)
        working-directory: desktop
        run: pnpm audit --audit-level=high
        continue-on-error: true

  # ============================================================================
  # E2E Tests (Optional - requires browser)
  # ============================================================================
  e2e:
    name: E2E Tests
    runs-on: ubuntu-latest
    needs: [lint, test]
    container:
      image: mcr.microsoft.com/playwright:v1.42.0-jammy
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'pnpm'

      - name: Install dependencies
        working-directory: desktop
        run: pnpm install --frozen-lockfile

      - name: Install Playwright browsers
        working-directory: desktop
        run: pnpm exec playwright install chromium

      - name: Run E2E tests
        working-directory: desktop
        run: pnpm test:e2e
        continue-on-error: true