labFusion/.gitea/workflows/frontend.yml

name: Frontend (React)

on:
  push:
    paths:
      - 'frontend/**'
      - '.gitea/workflows/frontend.yml'
  pull_request:
    paths:
      - 'frontend/**'

env:
  REGISTRY: gitea.example.com
  IMAGE_PREFIX: labfusion
  SERVICE_NAME: frontend

jobs:
  test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./frontend
    
    strategy:
      matrix:
        node-version: [16, 18, 20]
        
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
        cache: 'npm'
        cache-dependency-path: frontend/package-lock.json
        
    - name: Install dependencies
      run: npm ci
      
    - name: Run linting
      run: |
        npm run lint
        npm run lint:fix --dry-run
        
    - name: Run type checking
      run: npm run type-check
      
    - name: Run security audit
      run: |
        npm audit --audit-level=moderate
        npm audit fix --dry-run
        
    - name: Run tests
      run: |
        npm test -- --coverage --watchAll=false --passWithNoTests
        npm run test:coverage
        
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./frontend/coverage/lcov.info
        flags: frontend
        name: frontend-coverage
        
    - name: Upload test results
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: test-results-frontend-node-${{ matrix.node-version }}
        path: |
          frontend/coverage/
          frontend/test-results/

  build:
    runs-on: ubuntu-latest
    needs: test
    defaults:
      run:
        working-directory: ./frontend
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js 18
      uses: actions/setup-node@v4
      with:
        node-version: '18'
        cache: 'npm'
        cache-dependency-path: frontend/package-lock.json
        
    - name: Install dependencies
      run: npm ci
      
    - name: Build application
      run: |
        npm run build
        npm run build:analyze
        
    - name: Upload build artifacts
      uses: actions/upload-artifact@v4
      with:
        name: frontend-build
        path: frontend/build/
        
    - name: Build Docker image (test only)
      run: docker build -t frontend:test .

  lighthouse:
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'pull_request'
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Download build artifacts
      uses: actions/download-artifact@v4
      with:
        name: frontend-build
        path: frontend/build/
        
    - name: Run Lighthouse CI
      uses: treosh/lighthouse-ci-action@v10
      with:
        configPath: './frontend/.lighthouserc.json'
        uploadArtifacts: true
        temporaryPublicStorage: true

  security:
    runs-on: ubuntu-latest
    needs: build
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: frontend:test
        format: 'sarif'
        output: 'trivy-results.sarif'
        
    - name: Upload Trivy scan results
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'