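# CI workflow for a Python project on Gitea Actions.
#
# Jobs:
#   test-and-validate - formatting, lint, type and unit-test checks, run once
#                       per Python version in the matrix
#   security-check    - dependency audit (Safety) and static scan (Bandit)
#
# Review notes:
#   * Every `uses:` reference below is a mutable tag. Pinning each one to a
#     full commit SHA keeps a retagged or compromised action from running here.
#   * Both jobs run on pull_request and install and execute code from the
#     branch under review, so keep secrets out of these jobs.
name: Python CI/CD
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop

jobs:
  test-and-validate:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Quoted so that 3.10 is not read as the float 3.1.
        python-version: ['3.9', '3.10', '3.11']
    steps:
      - name: Checkout du code
        uses: actions/checkout@v3
        with:
          # No later step needs git credentials; do not leave the job token
          # in .git/config where installed packages or tests could read it.
          persist-credentials: false

      - name: Configuration de Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Mise en cache des dépendances
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-

      - name: Installation des dépendances
        run: |
          python -m pip install --upgrade pip
          if [ -f requirements.txt ]; then
            pip install -r requirements.txt
          fi
          # Test and validation tooling. Versions are unpinned, so each run
          # takes whatever PyPI currently serves; a pinned requirements file
          # for the tooling would make runs reproducible.
          pip install pytest pytest-cov flake8 black pylint mypy

      # Advisory only: continue-on-error keeps a formatting diff from failing
      # the job.
      - name: Vérification du formatage avec Black
        run: |
          black --check --diff .
        continue-on-error: true

      - name: Analyse statique avec Flake8
        run: |
          # The first pass fails the step on the selected critical codes;
          # the second pass only reports (--exit-zero).
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics

      - name: Analyse avec Pylint
        run: |
          # -print0 / -0 keep paths containing spaces intact; -r skips the
          # pylint call when no .py file is found.
          find . -name "*.py" -not -path "./venv/*" -not -path "./.venv/*" -print0 | xargs -0 -r pylint --exit-zero
        continue-on-error: true

      # Advisory only: type errors are reported but do not fail the job.
      - name: Vérification des types avec MyPy
        run: |
          mypy . --ignore-missing-imports --no-strict-optional
        continue-on-error: true

      - name: Exécution des tests avec Pytest
        run: |
          if [ -d "tests" ]; then
            pytest tests/ -v --cov=. --cov-report=xml --cov-report=html --cov-report=term
          else
            echo "Aucun répertoire 'tests' trouvé, tests ignorés"
          fi

      # always() uploads the HTML coverage report even when a step above failed.
      - name: Upload de la couverture de code
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: coverage-report-${{ matrix.python-version }}
          path: htmlcov/
          retention-days: 30

  security-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout du code
        uses: actions/checkout@v3
        with:
          # The scanners only read the working tree; no git credentials needed.
          persist-credentials: false

      - name: Configuration de Python
        # Same major version as the test job (was v4 here, v5 there).
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Installation de Safety et Bandit
        run: |
          # Unpinned: the scanner versions change from run to run.
          pip install safety bandit

      # NOTE(review): `|| true` together with continue-on-error means a
      # vulnerable dependency never fails this job. The result is only visible
      # to someone who opens the log or the artifact. Drop both once the
      # backlog is triaged if this is meant to gate merges.
      - name: Vérification des vulnérabilités avec Safety
        run: |
          if [ -f requirements.txt ]; then
            # tee keeps the JSON in the log and saves a copy for the upload step.
            safety check -r requirements.txt --json | tee safety-report.json || true
          fi
        continue-on-error: true

      # NOTE(review): same as above, Bandit findings are advisory. The first
      # call writes the JSON report, the second prints a readable summary;
      # neither can fail the job.
      - name: Analyse de sécurité avec Bandit
        run: |
          bandit -r . -f json -o bandit-report.json || true
          bandit -r . -f screen
        continue-on-error: true

      - name: Upload du rapport de sécurité
        uses: actions/upload-artifact@v3
        if: always()
        with:
          name: security-reports
          path: |
            bandit-report.json
            safety-report.json
          retention-days: 30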