labFusion/.gitea/workflows/api-docs.yml

name: API Docs (Node.js Express)

on:
  push:
    paths:
      - 'services/api-docs/**'
      - '.gitea/workflows/api-docs.yml'
  pull_request:
    paths:
      - 'services/api-docs/**'

env:
  REGISTRY: gitea.example.com
  IMAGE_PREFIX: labfusion
  SERVICE_NAME: api-docs

jobs:
  test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./services/api-docs
    
    strategy:
      matrix:
        node-version: [16, 18, 20]
        
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js ${{ matrix.node-version }}
      uses: actions/setup-node@v4
      with:
        node-version: ${{ matrix.node-version }}
        
    - name: Cache npm dependencies
      uses: actions/cache@v4
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-${{ matrix.node-version }}-${{ hashFiles('services/api-docs/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-${{ matrix.node-version }}-
          ${{ runner.os }}-node-
        
    - name: Install dependencies
      run: |
        if [ -f package-lock.json ]; then
          npm ci
        else
          npm install
        fi
      
    - name: Run linting
      run: |
        npm run lint
        npm run lint:fix --dry-run
        
    - name: Run type checking
      run: npm run type-check
      
    - name: Run security audit
      run: |
        npm audit --audit-level=moderate
        npm audit fix --dry-run
        
    - name: Run tests
      run: |
        npm test -- --coverage --watchAll=false
        npm run test:coverage
        
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v3
      with:
        file: ./services/api-docs/coverage/lcov.info
        flags: api-docs
        name: api-docs-coverage
        
    - name: Upload test results
      uses: actions/upload-artifact@v4
      if: always()
      with:
        name: test-results-node-${{ matrix.node-version }}
        path: |
          services/api-docs/coverage/
          services/api-docs/test-results/

  build:
    runs-on: ubuntu-latest
    needs: test
    defaults:
      run:
        working-directory: ./services/api-docs
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Set up Node.js 18
      uses: actions/setup-node@v4
      with:
        node-version: '18'
        
    - name: Cache npm dependencies
      uses: actions/cache@v4
      with:
        path: ~/.npm
        key: ${{ runner.os }}-node-18-${{ hashFiles('services/api-docs/package-lock.json') }}
        restore-keys: |
          ${{ runner.os }}-node-18-
          ${{ runner.os }}-node-
        
    - name: Install dependencies
      run: |
        if [ -f package-lock.json ]; then
          npm ci
        else
          npm install
        fi
      
    - name: Build application
      run: npm run build
      
    - name: Build Docker image (test only)
      run: docker build -t api-docs:test .

  security:
    runs-on: ubuntu-latest
    needs: build
    
    steps:
    - name: Checkout code
      uses: actions/checkout@v4
      
    - name: Run Trivy vulnerability scanner
      uses: aquasecurity/trivy-action@master
      with:
        image-ref: api-docs:test
        format: 'sarif'
        output: 'trivy-results.sarif'
        
    - name: Upload Trivy scan results
      uses: github/codeql-action/upload-sarif@v2
      if: always()
      with:
        sarif_file: 'trivy-results.sarif'