name: Pull Request — Quality gate

# Lance les tests + lint + build sur chaque PR ciblant develop.
# Deux jobs en parallele (backend / frontend) pour reduire le temps de feedback.
# E2E volontairement hors scope (cf. regle d'or testing.md).

on:
  pull_request:
    branches:
      - develop

# Annule les runs obsoletes quand on repush sur la meme PR.
concurrency:
  group: pr-${{ gitea.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  backend:
    name: Backend (PHP CS + PHPUnit)
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:16-alpine
        env:
          # Doivent matcher la DATABASE_URL ci-dessous (et le default
          # de phpunit.dist.xml). Le suffixe `_test` est applique
          # automatiquement par Doctrine en APP_ENV=test.
          POSTGRES_USER: app
          POSTGRES_PASSWORD: '!ChangeMe!'
          POSTGRES_DB: app
        ports:
          - 5432:5432
        options: >-
          --health-cmd "pg_isready -U app"
          --health-interval 5s
          --health-timeout 5s
          --health-retries 10

    env:
      APP_ENV: test
      APP_SECRET: ci-secret-not-used
      APP_DEBUG: 0
      DEFAULT_URI: http://localhost/
      DATABASE_URL: postgresql://app:!ChangeMe!@127.0.0.1:5432/app?serverVersion=16&charset=utf8
      JWT_SECRET_KEY: '%kernel.project_dir%/config/jwt/private.pem'
      JWT_PUBLIC_KEY: '%kernel.project_dir%/config/jwt/public.pem'
      JWT_PASSPHRASE: change_me_in_env_local

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup PHP 8.4
        uses: shivammathur/setup-php@v2
        with:
          php-version: '8.4'
          extensions: pdo, pdo_pgsql, intl, opcache, zip, mbstring, sodium
          coverage: none
          tools: composer:v2

      - name: Cache Composer
        uses: actions/cache@v4
        with:
          path: ~/.composer/cache
          key: composer-${{ hashFiles('composer.lock') }}
          restore-keys: |
            composer-

      - name: Install PHP dependencies
        run: composer install --no-interaction --no-progress --prefer-dist

      - name: Generate JWT keypair
        run: php bin/console lexik:jwt:generate-keypair --skip-if-exists --no-interaction

      - name: PHP CS Fixer (dry-run)
        run: vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.dist.php --allow-risky=yes --dry-run --diff

      - name: Bootstrap test database
        run: |
          php bin/console doctrine:database:create --env=test --if-not-exists --no-interaction
          php bin/console doctrine:migrations:migrate --env=test --no-interaction
          php bin/console doctrine:schema:update --env=test --force --no-interaction
          php bin/console doctrine:fixtures:load --env=test --no-interaction
          php bin/console app:sync-permissions --env=test --no-interaction

      - name: Run PHPUnit
        run: php -d memory_limit=512M vendor/bin/phpunit

  frontend:
    name: Frontend (lint + Vitest + build)
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: frontend

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node 22
        uses: actions/setup-node@v4
        with:
          node-version: '22'
          cache: npm
          cache-dependency-path: frontend/package-lock.json

      - name: Install Node dependencies
        run: npm ci

      - name: ESLint
        run: npm run lint

      - name: Unit tests (Vitest)
        run: npm run test

      - name: Build production (nuxt build)
        run: npm run build:dist