name: 📊 Quality

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [develop, main]
  push:
    branches:
      - main
      - develop
  workflow_dispatch:

jobs:
  security:
    name: 🔒 Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      - name: 🔒 Audit
        run: npm audit --audit-level=high
        continue-on-error: true

  dependencies:
    name: 📋 Dependency Freshness
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      - name: 📋 Check outdated
        run: npm outdated --depth=0
        continue-on-error: true

  bundle-size:
    name: 📦 Bundle Size
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6
        with:
          lfs: true

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      - name: 🧹 Lint
        run: npm run lint

      - name: 🎨 Format check
        run: npm run format:check

      - name: 📦 Build
        run: npm run build

      - name: 📏 Check bundle size
        run: |
          # Check generated JS/CSS bundles only; public runtime assets are copied to dist/assets too.
          SIZE=$(node -e "const fs=require('fs');const path=require('path');function walk(dir){return fs.readdirSync(dir,{withFileTypes:true}).flatMap((entry)=>{const file=path.join(dir,entry.name);return entry.isDirectory()?walk(file):file;});}const bytes=walk('dist/assets').filter((file)=>/\.(js|css)$/.test(file)).reduce((sum,file)=>sum+fs.statSync(file).size,0);console.log(Math.ceil(bytes/1024));")
          echo "Bundle size: ${SIZE}KB"

          THRESHOLD=5000

          if [ "$SIZE" -gt "$THRESHOLD" ]; then
            echo "❌ Bundle size ${SIZE}KB exceeds threshold ${THRESHOLD}KB"
            exit 1
          fi
          echo "✅ Bundle size ${SIZE}KB is under threshold"