name: Backend CI

on:
  pull_request:
    branches: [high-performance]
  push:
    branches: [high-performance]

jobs:
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_USER: nxtgauge
          POSTGRES_PASSWORD: nxtgauge_dev
          POSTGRES_DB: nxtgauge_db
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports: ['5432:5432']
      redis:
        image: redis:7-alpine
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports: ['6379:6379']

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt, clippy

      - name: Cache cargo registry
        uses: Swatinem/rust-cache@v2

      - name: Install test tools
        run: |
          cargo install cargo-nextest cargo-llvm-cov cargo-deny

      - name: Check formatting
        run: cargo fmt -- --check

      - name: Run clippy
        run: cargo clippy -- -D warnings

      - name: Run cargo-deny (dependency check)
        run: cargo deny check

      - name: Build
        run: cargo build --workspace

      - name: Unit tests with nextest
        run: cargo nextest run --workspace --cargo-extra-args="--all-features"

      # Integration tests require DB up; run with scripts/init-db.sql
      - name: Initialize database
        env:
          DATABASE_URL: postgresql://nxtgauge:nxtgauge_dev@localhost:5432/nxtgauge_db
        run: |
          psql $DATABASE_URL -f scripts/init-db.sql

      - name: Integration tests
        env:
          DATABASE_URL: postgresql://nxtgauge:nxtgauge_dev@localhost:5432/nxtgauge_db
          REDIS_URL: redis://localhost:6379
          JWT_SECRET: testsecret
        run: cargo nextest run --workspace --test '*' --cargo-extra-args="--all-features"

      - name: Generate coverage report
        env:
          DATABASE_URL: postgresql://nxtgauge:nxtgauge_dev@localhost:5432/nxtgauge_db
        run: |
          cargo llvm-cov nextest --workspace --all-features --lcov --output-path lcov.info

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          files: lcov.info
          fail_ci_if_error: false

      - name: Archive load-test script (k6)
        run: tar -czf load-tests.tar.gz load-tests/

      - name: Upload load-test script artifact
        uses: actions/upload-artifact@v4
        with:
          name: load-tests
          path: load-tests.tar.gz

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          format: 'sarif'
          output: 'trivy-results.sarif'
      - name: Upload Trivy results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'