labFusion/.gitea/workflows/frontend.yml

name: Frontend (React)

on:
  push:
    paths:
      - 'frontend/**'
      - '.gitea/workflows/frontend.yml'
  pull_request:
    paths:
      - 'frontend/**'

env:
  REGISTRY: gitea.example.com
  IMAGE_PREFIX: labfusion
  SERVICE_NAME: frontend

jobs:
  test:
    runs-on: [self-hosted]
    defaults:
      run:
        working-directory: ./frontend
    
    strategy:
      matrix:
        node-version: [16, 18, 20]
        
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
        
    - name: Cache npm dependencies
      uses: actions/cache@v4
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-${{ matrix.node-version }}-${{ hashFiles('frontend/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-${{ matrix.node-version }}-
          ${{ runner.os }}-node-
          ${{ runner.os }}-
        
    - name: Install dependencies
      run: |
        if [ -f package-lock.json ]; then
          npm ci
        else
          npm install
        fi
      
    - name: Run linting
      run: |
        npm run lint
        npm run lint:fix --dry-run
        
    - name: Run type checking
      run: npm run type-check
      
    - name: Run security audit
      run: |
        npm audit --audit-level=moderate
        npm audit fix --dry-run
        
    - name: Run tests
      run: |
        npm test -- --coverage --watchAll=false --passWithNoTests
        npm run test:coverage
        
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./frontend/coverage/lcov.info
        flags: frontend
        name: frontend-coverage
        
    - name: Test results summary
      if: always()
      run: |
        echo "Test results available in pipeline logs"
        echo "Coverage report: frontend/coverage/"
        echo "Jest test results: frontend/test-results/"

  build:
    runs-on: [self-hosted]
    needs: test
    defaults:
      run:
        working-directory: ./frontend
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js 18
      uses: actions/setup-node@v4
      with:
        node-version: '18'
        
    - name: Cache npm dependencies
      uses: actions/cache@v4
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-18-${{ hashFiles('frontend/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-18-
          ${{ runner.os }}-node-
        
    - name: Install dependencies
      run: |
        if [ -f package-lock.json ]; then
          npm ci
        else
          npm install
        fi
      
    - name: Build application
      run: |
        npm run build
        npm run build:analyze
        
    - name: Build artifacts summary
      run: |
        echo "Build artifacts created in frontend/build/"
        echo "Build analysis available in pipeline logs"
        
    - name: Build Docker image (test only)
      run: docker build -t frontend:test .

  lighthouse:
    runs-on: [self-hosted]
    needs: build
    if: github.event_name == 'pull_request'
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Build application for Lighthouse
      run: |
        cd frontend
        npm ci
        npm run build
        
    - name: Run Lighthouse CI
      uses: treosh/lighthouse-ci-action@v10
      with:
        configPath: './frontend/.lighthouserc.json'
        uploadArtifacts: true
        temporaryPublicStorage: true

  security:
    runs-on: [self-hosted]
    needs: build
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js 18
      uses: actions/setup-node@v4
      with:
        node-version: '18'
      
    - name: Build Docker image for security scan
      run: |
        cd frontend
        docker build -t frontend:security-scan .
      
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: frontend:security-scan
        format: 'sarif'
        output: 'trivy-results.sarif'
        
    - name: Upload Trivy scan results
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'