name: CI

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: https://gitea.com/actions/checkout@v4

      - name: Set up Python
        uses: https://gitea.com/actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Cache pip
        uses: https://gitea.com/actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Install dependencies
        run: pip install -r requirements.txt

      - name: Install lint and security tools
        run: pip install ruff bandit safety

      - name: Lint with Ruff
        run: ruff check dashboard watcher_visio

      - name: Run tests
        env:
          USE_MOCK_DATA: "true"
        run: python manage.py test dashboard

      - name: Security check with Bandit
        run: bandit -r dashboard watcher_visio -ll

      - name: Security check with Safety
        run: safety check -r requirements.txt