name: CI

on:
  push:
  pull_request:

concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  python-validation:
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:16-alpine
        env:
          POSTGRES_DB: onoff
          POSTGRES_USER: onoff
          POSTGRES_PASSWORD: onoff
        ports:
          - 5432:5432
        options: >-
          --health-cmd="pg_isready -U onoff -d onoff"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=5

      redis:
        image: redis:7-alpine
        ports:
          - 6379:6379

    env:
      DJANGO_SECRET_KEY: ci-secret-key
      DJANGO_DEBUG: "0"
      DJANGO_ALLOWED_HOSTS: localhost,127.0.0.1
      POSTGRES_DB: onoff
      POSTGRES_USER: onoff
      POSTGRES_PASSWORD: onoff
      POSTGRES_HOST: 127.0.0.1
      POSTGRES_PORT: "5432"
      REDIS_URL: redis://127.0.0.1:6379/0
      CELERY_TASK_ALWAYS_EAGER: "1"
      NEXTCLOUD_ENABLED: "0"

    defaults:
      run:
        working-directory: backend

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"
          cache: "pip"
          cache-dependency-path: backend/requirements.txt

      - name: Install dependencies
        run: pip install -r requirements.txt

      - name: Install gettext
        run: |
          sudo apt-get update
          sudo apt-get install -y gettext

      - name: Django system check
        run: python manage.py check

      - name: Migration drift check
        run: python manage.py makemigrations --check --dry-run

      - name: Compile translations
        run: django-admin compilemessages

      - name: Collect static assets
        run: python manage.py collectstatic --noinput

      - name: Run tests
        run: python manage.py test workflows.tests -v 2

  docker-release-gate:
    runs-on: ubuntu-latest
    needs: python-validation

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Prepare environment file
        run: cp .env.example .env

      - name: Build and start stack
        run: docker compose up -d --build db redis mailhog web worker

      - name: Wait for web health
        run: |
          for i in $(seq 1 30); do
            if curl --fail --silent --show-error --max-time 5 http://127.0.0.1:8088/healthz/ >/dev/null; then
              exit 0
            fi
            sleep 2
          done
          echo "web health check did not become ready in time" >&2
          exit 1

      - name: Django system check in container
        run: docker compose exec -T web python manage.py check

      - name: Backup verification gate
        run: docker compose exec -T web python manage.py verify_latest_backup --create-if-missing

      - name: Staging smoke gate
        run: docker compose exec -T web python manage.py run_staging_e2e_check --cleanup --email-check none --skip-nextcloud

      - name: Upload generated PDFs
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: staging-pdfs
          path: backend/media/pdfs/
          if-no-files-found: ignore

      - name: Upload docker logs on failure
        if: failure()
        run: docker compose logs --no-color web worker db redis mailhog > docker-compose-ci.log

      - name: Publish docker logs
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: docker-compose-ci-logs
          path: docker-compose-ci.log
          if-no-files-found: ignore

      - name: Stop stack
        if: always()
        run: docker compose down -v