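---
# Quality workflow: advisory dependency checks plus a hard bundle-size gate.
# Runs on pull requests targeting develop/main, on pushes to those branches,
# and on manual dispatch.
#
# NOTE(review): actions below are referenced by mutable major-version tags
# (@v6). If the project requires immutable references, pin each to a full
# commit SHA.
name: 📊 Quality

on:
  pull_request:
    types: [opened, synchronize, reopened]
    branches: [develop, main]
  push:
    branches:
      - main
      - develop
  workflow_dispatch:

# Least privilege: every job here only reads the repository. Without this
# block the GITHUB_TOKEN gets the repository/organisation default scope.
permissions:
  contents: read

jobs:
  security:
    name: 🔒 Security Audit
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6
        with:
          # Later steps run third-party install scripts; do not leave the
          # token configured for git once the checkout is done.
          persist-credentials: false

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      # Advisory only: continue-on-error means findings at severity "high"
      # or above do NOT fail the job or block a merge. Read the step log,
      # or drop continue-on-error to make this a gate.
      - name: 🔒 Audit
        run: npm audit --audit-level=high
        continue-on-error: true

  dependencies:
    name: 📋 Dependency Freshness
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6
        with:
          persist-credentials: false

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      # Informational: npm outdated exits non-zero when anything is behind,
      # so the step is allowed to fail without failing the job.
      - name: 📋 Check outdated
        run: npm outdated --depth=0
        continue-on-error: true

  bundle-size:
    name: 📦 Bundle Size
    runs-on: ubuntu-latest
    steps:
      - name: ⬇️ Checkout
        uses: actions/checkout@v6
        with:
          lfs: true
          # The LFS fetch happens inside the checkout step, so credentials
          # are not needed afterwards.
          persist-credentials: false

      - name: 🧰 Setup Node
        uses: actions/setup-node@v6
        with:
          node-version: "20"
          cache: npm

      - name: 📥 Install
        run: npm ci

      - name: 📦 Build
        run: npm run build

      - name: 📏 Check bundle size
        run: |
          # Check generated app assets only; public/ model files are runtime assets copied to dist.
          # Fail closed: a missing directory would otherwise give an empty
          # SIZE, the numeric test would error, and the step would report
          # success.
          if [ ! -d dist/assets ]; then
            echo "❌ dist/assets not found; cannot measure bundle size"
            exit 1
          fi
          # -s prints one summary total. Plain `du -k` prints a line per
          # subdirectory, which makes SIZE multi-line and breaks the
          # comparison below.
          SIZE=$(du -sk dist/assets | cut -f1)
          case "$SIZE" in
            '' | *[!0-9]*)
              echo "❌ Could not determine bundle size"
              exit 1
              ;;
          esac
          echo "Bundle size: ${SIZE}KB"
          # Threshold: 5000KB (configurable)
          THRESHOLD=5000
          if [ "$SIZE" -gt "$THRESHOLD" ]; then
            echo "❌ Bundle size ${SIZE}KB exceeds threshold ${THRESHOLD}KB"
            exit 1
          fi
          echo "✅ Bundle size ${SIZE}KB is under threshold"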